lowercasenumbers.xyz
Security research, penetration testing insights, and CTF writeups
About
hey, i'm lowercasenumbers. yes, i know numbers can't be lowercase, but here we are anyway.
I break things for a living—mostly web apps, networks, often my own PC, and recently my foot (long story). This site is where I dump technical write-ups, showcase projects that made it past the proof of concept code that was thrown together in a hurry, and occasionally blog about security things that are interesting enough to pull me away from my terminal.
Recent Posts
Extra-SID Attack via the Inter-Realm Trust Key: Skipping the Golden Ticket
The well-documented Extra-SID attack uses the child krbtgt hash and routes through the child KDC. There's a second path that bypasses the child KDC entirely, using the inter-realm trust account hash to forge the referral ticket directly.
Mar 15, 2026
Why Joining an HTB Team Changed Everything
How joining a Hack The Box team turned occasional box solving into consistent competition, first blood, and a spot at the top of the leaderboards
Feb 17, 2026
Temporary Changes, Permanent Risks
Why 'just for testing' changes create real attack paths, and how attackers are always watching for that brief window of opportunity
Feb 16, 2026
From First Blood to Humbled: A Week in HTB
The highs and lows of penetration testing - from achieving first blood on Hack The Box to being humbled by the next release
Jan 27, 2026
NYC's Inauguration Device Ban: Security Theater in Action
Why banning Raspberry Pi and Flipper Zero at NYC's mayoral inauguration while allowing smartphones and laptops is textbook security theater
Dec 31, 2025
React2Shell: When Nation-State Hackers Move at Internet Speed
Within hours of disclosure, CVE-2025-55182 became the newest weapon in China and Iran's cyber arsenal
Dec 13, 2025