Hey! I’m Sc4n-X - CPTS / OSCP Certified

This blog is focusing on pentesting / red team notes, lab writeups, and security tooling I use in the field. I’m a CyberSercurity enthusiast and CTF addict.

“I break things so others don’t get broken.”

Focus areas

• Recon & enumeration: host discovery, service fingerprinting, content discovery, wordlists
• Web vulns: authN/Z flaws, SQLi, XSS, SSTI, file inclusion, upload bypass, IDOR, SSRF basics
• Credential attacks: password spraying, bruteforce, Kerberoasting/AS-REP roast (core AD), loot & reuse
• Linux privesc: misconfigs (sudoers, SUID), PATH/Docker abuses, NFS/cron, kernel & capabilities
• Windows privesc: UAC bypass patterns, service misconfigs, DLL hijacking, token abuse, registry/WSUS tricks
• Shells & pivoting: reverse/bind shells, socat/chisel/SSH tunnels, port-fw, proxychains + SOCKS
• Post-exploitation: data hunting, persistence, AV/EDR-aware OPSEC basics
• Reporting: clear impact, reproducible steps, and actionable remediation

Values

• Reproducible exploitation
• Clear remediation steps
• No drama, just signal

Contact

• Email: contact@deeproot.me

PGP

• Key ID: 0x30EF492A
• Fingerprint: 438A 957F C45D ABC6 9252 EFB8 E5D3 548D 30EF 492A
• Public key: Download (ASC)

Disclaimer: Content is for educational purposes. Findings and opinions are my own and do not represent my employer or clients.