Start Here
Welcome to my little corner of the internet.
If you're here, you probably know me (or you're about to know me) as ShadowForge — the name I use when I’m a dark, underground, hoodie-wearing, Mr. Robot–inspired hacker ***.
In real life, I mostly respond to the name my two beautiful kids gave me: DAAAADYYYY! Why is...? Or, as my wife so elegantly puts it: Honey, can you...?
On the job, I’m Chief Kevin. As a veteran and senior NCO with 21+ years of experience — ranging from combat to combat support, and, for the last few years, IT — I’m now channeling that operational grit and technical experience into AppSec.
Getting into Web AppSec
My main goal here is to get you hyped about Web AppSec. I genuinely love this field, and I hope I can share some of that passion with you. Getting started can feel overwhelming, so on this page I’ll show you what I did to reach my goals and what I’m doing to keep learning.
CTFs
My writeups, mainly from https://bugforge.io, are here for you to browse. I try not to write step-by-step walkthroughs. Instead, I focus on methodology and the thought process while hacking.
If you read some of my solutions and maybe, once in a while, think: “Hmm… maybe I should write that down in my own notes.” then I’ve done my job.
Certs
Do not learn how to hack, hack to learn.
I came across that quote once, and honestly, I kind of agree. But let’s be real: you do need to learn some fundamentals before you can hack anything.
That’s where my certifications come in. I’m a firm believer in hands-on certs — you learn to hack by hacking.
I’ve passed:
Practical Web Penetration Associate (PWPA)
Practical Web Penetration Professional (PWPP)
Practical Web Penetration Expert (PWPE)
All three on my first attempt.
My reviews and experiences for these certs are also here for you to read.
Disclamer
This page is very much a work in progress 😉
*** At least on some CTFs this is true.
Last updated