Security Researcher · Web Exploitation

Hi, I'm Philip Dietzel.
I break in so they can't.

Independent offensive-security researcher behind Dietzel Security. I hunt web vulnerabilities, chain them into full compromise, and write up every machine end to end — each finding paired with a clear, verified fix.

Philip Dietzel · available for work
Daily drivers: Burp Suite Pro · sqlmap · nuclei · ffuf · semgrep · BloodHound · Nmap
Top difficulty: Hard · Certified: CWES · Ethical disclosure
01 / About

Offensive security, done in the open

I'm an independent penetration tester and vulnerability researcher focused on web applications and APIs. My approach is hands-on and evidence-driven — no scanner dumps, no boilerplate.

Every engagement ends with findings your engineers can actually action: severity, CVSS, a working proof-of-concept, and a fix I verify on re-test. When I find something in software you depend on, I disclose responsibly and publish only once it's patched.

I document my work publicly through full HackTheBox writeups — recon to root — because the best way to prove you can break something is to show the exact path.

02 / Focus areas
Web Application Security: OWASP Top 10, business-logic flaws, auth bypasses, and injection across the stack.
Exploitation & Chaining: turning small footholds into full compromise, with PoC development and impact proof.
Security Automation: tooling and scripts that scale recon, scanning, and triage.
Secure Code Review: whitebox audits and secure-design review to catch issues before they ship.
03 / Writeups

HackTheBox writeups

Retired machines documented end to end — recon, exploitation, and root. Published after official retirement, per HTB's Terms of Service.

Difficulty: Hard · OS: Linux · featured

Altered

Chains a client-side rate-limit bypass and PHP type juggling into a UNION-based SQL injection that yields RCE, then roots via DirtyPipe (CVE-2022-0847).

Tags: rate-limit-bypass · php-type-juggling · union-sqli · dirtypipe
Read the Altered writeup
04 / Tooling

Tools I build

Recon and triage shouldn't be manual. I write tooling that scales the boring parts — open-source on GitHub.

Language: Shell · open source · featured

htb-recon

An automated reconnaissance script for HackTheBox and pentest targets. Chains nmap, DNS zone transfers, whatweb, and ffuf/gobuster into one ordered workflow, organizes every result per machine, and gracefully skips any tool you don't have installed.

Tags: nmap · dns-axfr · whatweb · ffuf · vhost-fuzzing · bash

Run it: ./htb-recon.sh 10.129.227.109 altered → results in ~/htb/altered/recon/

View on GitHub
phase 01 / Port & service scan

Full TCP sweep with nmap, then a targeted deep scan for service and version fingerprints.

Tools: nmap

phase 02 / DNS & vhosts

Attempts a dig zone transfer and fuzzes virtual hosts to surface hidden subdomains.

Tools: dig · ffuf

phase 03 / Web enumeration

whatweb fingerprints the stack; ffuf/gobuster brute-forces content per open port.

Tools: whatweb · gobuster
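To make the three-phase workflow concrete, here is an added example of a minimal POSIX-sh recon wrapper that runs the phases in that order, stores results per machine, and skips any phase whose tool is missing. It is written for this page and is not the htb-recon script itself. Assumptions not taken from the page: the vhost name is `<name>.htb`, the wordlists come from SecLists at the paths below, and output lands in `$HOME/htb/<name>/recon`.

```shell
#!/bin/sh
# Added example, not the htb-recon script from the page: a minimal recon
# wrapper that runs port scan -> DNS/vhosts -> web enumeration in order,
# keeps results per machine, and skips any phase whose tool is not on PATH.
# Assumptions (not from the page): vhost name "<name>.htb", SecLists
# wordlists at the paths below, output under $HOME/htb/<name>/recon.
set -eu

SUB_WL=${SUB_WL:-/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt}
DIR_WL=${DIR_WL:-/usr/share/seclists/Discovery/Web-Content/common.txt}

have() { command -v "$1" >/dev/null 2>&1; }
skip() { printf '[skip] %s (%s not installed)\n' "$1" "$2" >&2; }

# Open TCP ports from nmap -oN output on stdin, as a comma list ("22,80,443").
open_ports() {
    awk -F/ '/\/tcp[ \t]+open/ { p = p sep $1; sep = "," } END { print p }'
}

# Ports whose nmap service column mentions http (http, ssl/http, http-proxy).
web_ports() {
    awk -F/ '/\/tcp[ \t]+open[ \t]+.*http/ { print $1 }'
}

recon() {
    ip=$1; name=$2; domain="$name.htb"
    out="$HOME/htb/$name/recon"; mkdir -p "$out"

    # Phase 01: full TCP sweep, then -sC -sV only on the ports that answered.
    ports=""
    if have nmap; then
        nmap -p- --min-rate 1000 -oN "$out/nmap-all.txt" "$ip" >/dev/null
        ports=$(open_ports <"$out/nmap-all.txt")
        [ -z "$ports" ] || nmap -sC -sV -p "$ports" -oN "$out/nmap-deep.txt" "$ip" >/dev/null
    else
        skip "phase 01 port scan" nmap
    fi

    # Phase 02: zone transfer attempt, then vhost fuzzing via the Host header.
    if have dig; then
        dig axfr "$domain" "@$ip" >"$out/dig-axfr.txt" 2>&1 || true
    else
        skip "phase 02 zone transfer" dig
    fi
    if have ffuf; then
        ffuf -s -u "http://$ip/" -H "Host: FUZZ.$domain" -w "$SUB_WL" -ac \
            -o "$out/vhosts.json" >/dev/null 2>&1 || true
    else
        skip "phase 02 vhost fuzzing" ffuf
    fi

    # Phase 03: fingerprint each HTTP port, then brute-force content on it.
    if [ ! -f "$out/nmap-deep.txt" ]; then
        skip "phase 03 web enumeration" nmap; return 0
    fi
    for p in $(web_ports <"$out/nmap-deep.txt"); do
        url="http://$ip:$p"
        if have whatweb; then
            whatweb --color=never "$url" >"$out/whatweb-$p.txt" 2>&1 || true
        else
            skip "phase 03 fingerprint :$p" whatweb
        fi
        if have ffuf; then
            ffuf -s -u "$url/FUZZ" -w "$DIR_WL" -ac -o "$out/ffuf-$p.json" >/dev/null 2>&1 || true
        elif have gobuster; then
            gobuster dir -q -u "$url" -w "$DIR_WL" -o "$out/gobuster-$p.txt" >/dev/null 2>&1 || true
        else
            skip "phase 03 content :$p" "ffuf/gobuster"
        fi
    done
}

# Usage: ./recon.sh 10.129.227.109 altered   (no arguments: only define the functions)
[ $# -eq 0 ] || recon "$@"
```

Each external tool is gated on `have`, so a missing binary produces a `[skip]` line on stderr and the next phase still runs; the phase-03 loop is driven by the service column of the deep scan, so content brute-forcing only hits ports nmap identified as HTTP.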
05 / Credentials

Certifications & tooling


HTB Certified Web Exploitation Specialist

CWES is Hack The Box's advanced certification for real-world web application exploitation — chaining injection, authentication, and business-logic flaws into full compromise against hardened, modern targets.

Badges: HTB CWES · HTB Pro

Daily drivers: Burp Suite Pro · sqlmap · nuclei · ffuf · semgrep · BloodHound. Methodology aligned to OWASP WSTG & PTES.

pdietzel98@gmail.com

Let's find it before they do.

Tell me about your stack and timeline — I'll come back with a scope and a fixed quote within two business days.