⚠ This site logs visitor metadata for security monitoring purposes. By continuing you acknowledge that basic session information may be collected. No passwords, personal data, or sensitive info is harvested. This is a personal security research portfolio.
Web Security · Hacking Enthusiast

Obfuscator

Security Learner & CTF Player

Curious about how things break. Passionate about web security, penetration testing, and the art of thinking like an attacker. Always learning, always exploring the edge of what's possible.

Web Security · CTF · Pentesting · OSINT · Linux · Python
obfuscator@kali:~
┌──(obfuscator㉿kali)-[~]
└─$ whoami
obfuscator — security enthusiast
└─$ cat interests.txt
→ Web Application Security
→ CTF Competitions
→ Network Recon & OSINT
→ Exploit Development
→ Linux & Scripting
└─$ ls ./tools
burpsuite nmap gobuster sqlmap metasploit
01 // Intel

About the Operator

Just someone who finds breaking things more interesting than building them — and then documents every step of the process.

I spend my time on CTF platforms, reading writeups, trying out hacking labs, and learning how web applications and networks can be compromised. Security isn't just a skill to me — it's a mindset.

This space is where I share what I learn: lab walkthroughs, tool experiments, and random security notes. Nothing polished — just raw learning in public.

Currently based at sakshambaral.com.np — feel free to reach out.

Web App Security: 75%
Linux & Bash: 80%
Network Recon / OSINT: 70%
Python Scripting: 72%
CTF — Web / OSINT: 68%
Burp Suite: 65%
02 // Writeups

Technical Writeups

⟡ Featured
Web App
XSS to Account Takeover: Hunting Stored XSS in a Login Flow
A walkthrough of discovering and chaining a stored XSS vulnerability in a login page that ultimately led to session token theft and account takeover — all in a legal bug bounty environment.
2025-10-12
Tags: xss, session, burp
Web App · 2025-09-04
SQL Injection 101 — From Error Messages to DB Dump
Breaking down a classic SQLi vulnerability found in a HackTheBox machine, from initial discovery to full database extraction using manual and sqlmap techniques.
Tags: sqli, sqlmap, htb
OSINT · 2025-08-20
Recon Like a Pro: My Passive Footprinting Workflow
How I build a target profile using only passive techniques — certificate transparency logs, Shodan, WHOIS history, and metadata extraction from public documents.
Tags: osint, recon, shodan
Linux · 2025-07-15
Privilege Escalation via SUID Binaries — TryHackMe Notes
Notes from grinding through TryHackMe's privilege escalation path — covering SUID abuse, cron job exploitation, and PATH hijacking techniques.
Tags: privesc, linux, thm
Web App · 2025-06-30
Broken Access Control — IDOR in a REST API
Finding and exploiting IDOR vulnerabilities in a REST API by manipulating user IDs in requests — a common and underrated finding in web app pentesting.
Tags: idor, api, owasp
Tools · 2025-05-18
Building a Simple Port Scanner in Python from Scratch
Writing a lightweight multithreaded port scanner in Python — understanding how tools like nmap work under the hood by building a minimal version yourself.
Tags: python, networking, tools
03 // Hacking Labs

Lab Compromises

🔴
HackTheBox — Starting Point
HackTheBox · Beginner
Working through HTB's Starting Point machines. Learning enumeration, basic exploitation, and post-exploitation fundamentals in guided lab environments.
Machines: 12 · Status: Ongoing
● BEGINNER
🟠
TryHackMe — Learning Paths
TryHackMe · Multiple Paths
Completed Web Fundamentals, Jr Pentester, and Privilege Escalation paths. Hands-on rooms covering OWASP Top 10, Linux privesc, and basic exploitation.
Paths: 8 · Done: 70%
● MEDIUM
🟡
PortSwigger Web Academy
PortSwigger · Web Security
Grinding through PortSwigger labs — SQL injection, XSS, SSRF, CSRF, XXE, and business logic vulnerabilities with interactive browser-based challenges.
Complete: 45% · Total Labs: 210
● INTERMEDIATE
CTF Competitions
Various · picoCTF, CTFtime
Participated in beginner-friendly CTF events. Focused on web, OSINT, and misc categories. Learning to think creatively under time pressure.
Events: 12 · Focus: Web/OSINT
● ONGOING
🔵
VulnHub — Offline Machines
VulnHub · Local VM Practice
Running VulnHub VMs locally for offline practice. Good for understanding older CVEs, manual exploitation, and building lab environments from scratch.
Machines: 6 · Setup: Local
● HARD
🛠
Tool Experiments
Personal · Always Ongoing
Testing and documenting security tools — nmap, gobuster, burp, hydra, ffuf. Building small automation scripts to speed up recon and enumeration workflows.
Tools: 15+ · Ongoing
● LEARNING
04 // Open Port

Establish Connection

// Port is open. Send your packet. Response time ≈ 24–48h.

Available Channels
Note
Open to collaborations, learning discussions, and CTF teaming. Not available for anything illegal or unethical.