Grindlab

GrindlabGrindlab — where grind meets lab.https://grindlab.dev/HTB Administratorhttps://grindlab.dev/blog/htb-administrator/https://grindlab.dev/blog/htb-administrator/Solving HTB AdministratorWed, 08 Apr 2026 19:36:00 GMTHTB Tabbyhttps://grindlab.dev/blog/htb-tabby/https://grindlab.dev/blog/htb-tabby/Hack The Box Tabby writeup. Exploiting Local File Inclusion (LFI) to read Tomcat configuration files and extract sensitive credentials.Fri, 03 Apr 2026 19:26:00 GMTXSS Noteshttps://grindlab.dev/blog/cross-site-scripting/https://grindlab.dev/blog/cross-site-scripting/Comprehensive notes and practical examples covering Cross-Site Scripting (XSS) vulnerabilities and payloads.Tue, 27 Jan 2026 07:42:00 GMTWeb Fuzzing Noteshttps://grindlab.dev/blog/web-fuzzing/https://grindlab.dev/blog/web-fuzzing/Notes on discovering hidden web directories and parameters using fuzzing tools like ffuf, feroxbuster, and gobuster.Mon, 26 Jan 2026 00:02:00 GMTSetup Android Hacking Lab on Arch Linux with Frida and Burpsuitehttps://grindlab.dev/blog/setup-lab/https://grindlab.dev/blog/setup-lab/Step-by-step guide to configuring a robust Android hacking lab on Arch Linux using Frida, Burpsuite, and AVD.Wed, 14 Jan 2026 13:24:00 GMTHTB Eighteenhttps://grindlab.dev/blog/htb-eighteen/https://grindlab.dev/blog/htb-eighteen/Hack The Box Eighteen writeup. Exploiting MSSQL impersonation, extracting hashes, and WinRM password spraying for initial foothold.Fri, 19 Dec 2025 23:20:00 GMTHTB Expresswayhttps://grindlab.dev/blog/htb-expressway/https://grindlab.dev/blog/htb-expressway/Hack The Box Expressway writeup. Enumerating UDP port 500 for IKE/IPSec, cracking PSK, and exploiting a custom sudo vulnerability (CVE-2025-32463) for root.Fri, 05 Dec 2025 17:39:00 GMTHTB Cheat Sheethttps://grindlab.dev/blog/htb-cheatsheet/https://grindlab.dev/blog/htb-cheatsheet/A curated collection of essential payloads, commands, and resources for Hack The Box and general penetration testing.Fri, 05 Dec 2025 00:01:00 GMTNyoba LLMhttps://grindlab.dev/blog/llm-from-scratch/https://grindlab.dev/blog/llm-from-scratch/Personal study notes and code explanations based on Build a Large Language Model (From Scratch) by Sebastian Raschka.Thu, 21 Aug 2025 05:18:00 GMTManual Crafting Shellcodehttps://grindlab.dev/blog/manual-craft-shellcode-injection/https://grindlab.dev/blog/manual-craft-shellcode-injection/A deep dive into suffering: manually crafting a custom 'cat /flag' shellcode in assembly from scratch.Sun, 10 Aug 2025 00:00:00 GMTChallenge Semalam Belajar Tanpa AI - Day 4https://grindlab.dev/blog/challenge-no-ai-day-4/https://grindlab.dev/blog/challenge-no-ai-day-4/Day 4 of the No-AI challenge: analyzing the Obfuscated malware challenge and verifying file hashes.Tue, 05 Aug 2025 00:00:00 GMTChallenge Semalam Belajar Tanpa AI - Day 3https://grindlab.dev/blog/challenge-no-ai-day-3/https://grindlab.dev/blog/challenge-no-ai-day-3/Day 3 of the No-AI challenge: focusing on initial malware analysis and malicious script deobfuscation.Sun, 03 Aug 2025 00:00:00 GMTChallenge Semalam Belajar Tanpa AI - Day 2https://grindlab.dev/blog/challenge-no-ai-day-2/https://grindlab.dev/blog/challenge-no-ai-day-2/Day 2 of the No-AI challenge: exploring blue team tactics, DFIR, and network forensics using Wireshark.Fri, 01 Aug 2025 00:00:00 GMTChallenge Semalam Belajar Tanpa AI - Day 1https://grindlab.dev/blog/challenge-no-ai-day-1/https://grindlab.dev/blog/challenge-no-ai-day-1/Day 1 of my personal challenge: diving into memory corruption and pwn concepts entirely without AI assistance.Thu, 31 Jul 2025 00:00:00 GMTReturn Oriented Programminghttps://grindlab.dev/blog/rop/https://grindlab.dev/blog/rop/Learning binary exploitation through Return Oriented Programming (ROP), focusing on POP RDI gadgets and execution flows.Tue, 29 Jul 2025 00:00:00 GMTIntroduction To Shellcode Injection with Shellcrafthttps://grindlab.dev/blog/basic-shellcode-injection/https://grindlab.dev/blog/basic-shellcode-injection/A beginner-friendly guide to writing and injecting shellcode using Shellcraft for binary exploitation.Tue, 22 Jul 2025 07:06:00 GMTBuffer Overflow dan ret2winhttps://grindlab.dev/blog/buffer-overflow/https://grindlab.dev/blog/buffer-overflow/Detailed walkthrough and personal notes on solving basic buffer overflow and ret2win challenges.Fri, 18 Jul 2025 21:43:00 GMTPath Traversal Noteshttps://grindlab.dev/blog/path-traversal/https://grindlab.dev/blog/path-traversal/Security research notes and payload examples for identifying and exploiting Path Traversal (LFI/RFI) vulnerabilities.Wed, 16 Jul 2025 16:27:59 GMTDiv dan Modulus Dalam Bahasa Assemblyhttps://grindlab.dev/blog/div-modulo/https://grindlab.dev/blog/div-modulo/Exploring how integer division and modulo operations work at the low level in x86_64 assembly language.Sun, 22 Jun 2025 14:08:17 GMT