About

About

Who Am I?

Hello, I’m Elimane Juuf! I am a passionate cybersecurity enthusiast, focused on mastering penetration testing. Currently, I am learning through hands-on challenges on platforms like Hack The Box and diving deep into various aspects of hacking like web exploitation, network exploitation, privilege escalation, and more. I’m constantly improving my skills and sharing tips and resources here for anyone on a similar journey.

My Mission

I aim to enhance my skills in penetration testing, bug bounty hunting, and security research. Through my website, I want to share what I’ve learned, give back to the community, and document my progress as I tackle new challenges.

Hacking Tips & Tricks

Tip 1: Web Exploitation

When testing for vulnerabilities, always use a combination of automated tools (like nikto or gobuster) and manual techniques to ensure thorough enumeration.

Tip 2: Privilege Escalation

If you’re stuck on privilege escalation in Linux, always check for world-writable files and directories that may have SUID/SGID set. These are often overlooked but can be critical for privilege escalation.

Tip 3: Networking

When conducting network-based exploitation, remember to scan for open ports on both IPv4 and IPv6 interfaces, as some attackers forget to check the latter.

Tip 4: Reverse Shells

Always test reverse shells locally before deploying them. Using a tool like netcat or socat helps you identify potential issues before the target machine.

Tip 5: Tools and Resources

SecLists is an excellent resource for wordlists. Always make sure you’re using the most up-to-date wordlists for password spraying, directory brute-forcing, and other enumeration tasks.

Additional Resources

Here are some resources I highly recommend:

  • Hack The Box – A great platform to improve your penetration testing skills.
  • OWASP Cheat Sheet Series – A comprehensive guide to various web application security topics.
  • TryHackMe – Another fantastic platform for CTFs and learning security concepts.
  • PentesterLab – A great place to get hands-on with web application security.
  • Hack In The Box – A well-known cybersecurity event series that also provides training.

Stay Tuned!

I’m constantly adding more tips, tutorials, and content to this site. Be sure to follow me for more on penetration testing and bug bounty hunting.