Ali Dak

Journey

Launching products, shipping fast, building revenue from scratch — all documented publicly.

Vulnerable machines built for OffSec Proving Grounds:

CVE-2024-53376 Feb 2025

Command injection in CyberPanel 2.3.7 — exploit the phpSelection field via intercepted HTTP requests to gain a root reverse shell.

View on OffSec →

Leyla Dec 2024

SSTI exploitation + WordPress plugin flaw (CVE-2024-8352). Directory traversal in Social Web Suite plugin for privilege escalation to root.

View on OffSec →

Jordak Sep 2024

Exploiting CVE-2023-26469, privilege escalation via SUDO permission abuse for unauthorized access.

View on OffSec →

Vmdak Aug 2024

Web enumeration & exploitation, MySQL enumeration, and privilege escalation techniques.

View on OffSec →

About

Security researcher with 3+ years in web & mobile pentesting, Active Directory exploitation, and network assessments. Electronics & telecom engineering background.

OSCP certified. Built vulnerable machines for OffSec. Created automated security tools for professional engagements.

Now building SaaS products as an indie hacker — shipping fast with vibe coding and learning in public.

Newsletter

Stay in the loop

Security research, indie hacking, and building in public — straight to your inbox.

Subscribe

VulnTracker.io

LandingVideo.com

autowsdl

$2,281 in 7 Days

Vulnerable Machines I've Built

Stay in the loop