Liam Smydo

Cybersecurity Enthusiast

Hi, I’m Liam. This site contains my various cybersecurity projects, CTF write-ups, and labs, including detailed technical write-ups and different resources I find useful. Below, you’ll find some of my recent projects and CTF write-ups.

Recent

TryHackMe: RabbitStore

·1537 words·8 mins
A medium TryHackMe box chaining mass assignment, SSRF, and Jinja2 SSTI to gain initial access, then escalating to root by leveraging an exposed Erlang cookie to extract credentials from a misconfigured RabbitMQ service.

TryHackMe: Hammer

·1795 words·9 mins
A medium-rated PHP web app challenge chaining exposed logs, OTP brute force via rate limit bypass, and JWT forgery to achieve remote command execution.

TryHackMe: Include

·1825 words·9 mins
Medium-difficulty web challenge focusing on server-side vulnerabilities.

TryHackMe: K2-Summit

·2471 words·12 mins
Hard Active Directory box: leverage credential reuse for initial access, identify a privileged user via BloodHound, hijack a scheduled script for lateral movement, then perform an RBCD attack to compromise the root domain controller.

TryHackMe: K2-MiddleCamp

·2615 words·13 mins
Hard Active Directory environment consisting of enumeration, credential spraying, BloodHound analysis, and privilege escalation via the Backup Operators group.