
Ramblings of a Professional Hacker
Join me on an engaging journey where I share professional methodologies, practical techniques, and real-world experiences in penetration testing and cyber defense. Whether you're an aspiring ethical hacker or a seasoned cybersecurity professional, you'll discover actionable strategies and innovative tactics to fortify digital security.
What This Notebook Is About
This is where I share what I learn doing offensive security for a living. I'm Drake Axelrod, an Offensive Security Engineer, and these notes are the working reference I wish I had when I was starting out. Methodology, tooling, real techniques, written the way I'd explain them to a colleague.
Latest and Recently Updated
The newest material first, including anything I've recently revisited.
Objection is a runtime mobile exploration toolkit built on Frida. It packages most of the boring stuff into a REPL: SSL pinning bypass, root detection bypass, IPC enumeration, and file dumping, all without writing a hook.
Frida is the dynamic instrumentation toolkit I use on almost every mobile engagement. This is a working reference for installation, attaching to processes, writing hooks, and the patterns I reach for most.
Mobile application penetration testing for Android and iOS, covering static and dynamic analysis, runtime instrumentation with Frida and Objection, and bypassing common protections like SSL pinning and root detection.
Setting up a mobile pentesting environment for Android and iOS, choosing physical devices versus emulators, and the methodology I follow on every mobile engagement.
Deep dive into Access Control List exploitation in Active Directory, covering ACE permissions, BloodHound analysis, and practical attack paths for privilege escalation.
Detailed walkthrough of DnsAdmins privilege escalation through DLL injection into DNS service, covering exploitation, cleanup, and mitigation strategies.
In-depth exploration of Net-NTLMv2 relay attacks for lateral movement and privilege escalation, including SMB and LDAP relay scenarios with Responder and ntlmrelayx.
Practical security controls for AI systems: technical, administrative, and operational measures to reduce risk across usage, application, and platform layers.
Browse by Category
Pick a domain and dig in. Counts reflect what's currently published.
Web Applications (13)
SQL injection, XSS, CSRF, auth bypass, business logic flaws, and other web vulnerabilities.
Active Directory (8)
Kerberoasting, AS-REP roasting, NTLM relay, ACL abuse, ticket attacks, and DNSAdmins exploitation.
Windows (17)
Windows privilege escalation, group exploitation, service hijacking, and system hardening.
Linux (12)
Linux privilege escalation, sudo misconfigurations, capabilities, cron and wildcard abuse, hardening.
Network Protocols (9)
SMB, FTP, SSH, RDP, DNS, SMTP, and WebDAV exploitation and reconnaissance.
Cloud (7)
AWS and Azure security assessments, IAM privilege escalation, S3 enumeration, and Entra ID attacks.
Containers (4)
Docker fundamentals, container escape techniques, and runtime hardening.
Mobile (4)
Android and iOS pentesting, Frida instrumentation, Objection runtime exploration, and SSL pinning bypass.
AI Security (3)
AI/ML security research, prompt injection, model exploitation, and AI security controls.
Defense Evasion (2)
EDR bypass, AV evasion, and security monitoring avoidance techniques.
Tools (12)
Cross-cutting reference for offensive tooling: Nmap, Impacket, BloodHound, Mimikatz, NetExec, and more.
What You Can Expect
- Penetration Testing Case Studies: real engagements, anonymized, with the techniques that actually mattered
- Tool Deep Dives: the workflows I use day to day, not the marketing version
- Cyber Defense Strategies: the other side of the same coin, what I'd want my blue team to know
- Reflections from the Field: how the work and the industry are changing, and what I think about it
My Cyber Journey
I started in cybersecurity during my Software Engineering studies, on an internship that threw me into vulnerability research and exploit development. From there I moved into a Junior Penetration Tester role and now work as an Offensive Security Engineer Consultant, leading assessments, mentoring, and continuing to learn at every step.
The Software Engineering background still shapes how I work. I think about control flow and architecture before I think about payloads, and a lot of the bugs I find come from understanding how the system was meant to work and where that intent broke down.
What Drives It
Vulnerability Analysis
I focus on finding the weak points in web apps, APIs, networks, IoT, mobile, and cloud, with a preference for understanding the system before attacking it.
Building My Own Tools
I rely on industry standards like Burp Suite, Metasploit, Nmap, and Wireshark, but I also write a lot of my own tooling in Go, Python, Rust, and Shell. Sometimes the right tool does not exist yet.
Problem Solving
The fun part is breaking down complex systems and finding the seam where the abstraction leaks. That is also where the interesting bugs live.
Disclaimer
Everything here is for educational purposes and is fully NDA compliant. Nothing confidential, proprietary, or sensitive from any engagement appears in these notes. The opinions and techniques are mine, drawn from anonymized or publicly available sources, and should not be taken as legal or professional security advice.
Let's Connect
If any of this resonates, or you want to talk shop, I'm reachable here:
- Portfolio: drakeaxelrod.com
- GitHub: github.com/drakeaxelrod
- LinkedIn: linkedin.com/in/drakeaxelrod
Final Thoughts
If this sounds like your kind of thing, check back. I keep adding to this notebook and it grows in the directions my work takes me. I hope it ends up being the resource I would have wanted when I was starting out.
Cheers to a secure and forward-thinking digital future,
Drake