It's been about six months since my first post on this account. No fake "I'm back, bigger and better" energy here, just an honest update on where I've been and what's coming.

A small correction first

In my intro post I described myself as coming from a QA / automation background. That's not wrong, but it's also not the full picture, and I want to set it straight before we go further. My main background is automation QA; that's where I have the most years and the deepest experience. More recently, over the last several months, I've been working as a developer on both backend and frontend, which has rounded out my perspective a lot. I'm calling this out because it matters for what comes next. When I look at a web app vulnerability, I'm thinking like a tester and like a dev: "how would I have caught this in QA, and how did this end up in the code in the first place?" That dual lens is going to show up in the walkthroughs.

Where I've been

The posts from November weren't the start of a long silence, they were the start of a different kind of work. After that first post, I went heads-down on actually building the foundation instead of posting surface-level content. Here's what the last few months looked like:

PortSwigger Web Security Academy: solved multiple labs across web vulns and a few other categories. I haven't been on PortSwigger for the last 3–4 months, but I plan to come back to it.
HTB CPTS (Certified Penetration Testing Specialist) path on HackTheBox Academy: currently grinding through it, targeting the exam in fall/winter.
Obsidian vault for pentest methodology: playbooks, knowledge base, lab notes. The kind of system I wish someone had handed me on day one.
Real lab time: broken Metasploit installs, exploits that wouldn't fire, targets that didn't behave like the writeup said they would. The unglamorous part nobody posts about.

None of that makes for flashy content. But it's the work, and it's the reason I finally have something worth sharing.

What's coming

Two parallel tracks, no fixed schedule. I'll post when I have something worth posting.

Track 1: PortSwigger walkthroughs. Picking up where the first post left off. I'll be working through the multiple labs I've already solved, one at a time: what the vuln is, how I found it, what worked, what didn't, and how a dev should fix it. When I eventually return to PortSwigger for new labs, those will land here too.

Track 2: CPTS notes and lessons. Less walkthrough, more "here's what I learned and how I'd explain it to past-me." HTB Academy modules, methodology pieces, things that clicked after the third re-read.

Why I'm doing this

Not to look smart. Not to build a "personal brand." I'm doing it because when I started, I had every resource in the world in front of me and zero idea what to do with them. I lurked, I bounced between tutorials, I followed paths that led nowhere. What changed things for me was finally getting some direction, and I want to leave a trail for the next person who's where I was. If any of this helps one person stop lurking and start doing, that's enough.

~ b4dk4rm4sec