HTB CWES Awaiting Approval
Three weeks after passing CPTS, I am awaiting approval on the Hack The Box Certified Web Exploitation Specialist (CWES) exam. This is the experience: what the path covers, how the exam felt, and wh...
Module: Attacking GraphQL | Platform: HackTheBox Academy | Key Vulnerabilities: Unrestricted introspection, exposed API keys, insecure mutation (role injection), SQL injection via GraphQL argument | Au...
Module: Broken Authentication | Platform: HackTheBox Academy | Key Vulnerabilities: User enumeration via error message diffing, password brute-force with policy filtering, 2FA bypass via direct acces...
Difficulty: Medium | OS: Ubuntu 24.04 | Release: March 2026 | Key Vulnerabilities: JWT alg: none bypass, plaintext secret exposure, SSH CA private key file permissions | Author: jkonpc | March 18, 2026...
I figured I should write something that isn’t a writeup or a deep dive into AI tooling, so here it is — the “who is this guy” post. My name’s Jesse. I’ve been messing with computers since before I...
Difficulty: Medium | OS: Debian 14 | Release: March 1, 2026 | CVEs: CVE-2025-32462 (sudo hostname spoofing), CVE-2025-32463 (sudo chroot nsswitch injection) | Author: jkonpc | March 9, 2026 Executiv...
On March 4, 2026 I passed the Hack The Box Certified Penetration Testing Specialist (CPTS) exam. This post covers the full timeline — what worked, what didn’t, how I approached the exam, and what I...
Difficulty: Medium | OS: Linux (Ubuntu 20.04) | Release: January 2026 | CVEs: None (wireless misconfiguration chain) | Author: jkonpc | February 27, 2026 Executive Summary: AirTouch is a medium-diff...
The Question: I’ve been building out a local AI stack — Ollama, Open WebUI, a 4090 doing inference — and I wanted to know: can these models actually help with pentesting? Not the marketing benchmar...
Why Local: Every time you paste a target IP, a hash, or a command sequence into ChatGPT, that data hits someone else’s servers. For pentesting work — client networks, credentials, attack methodolog...