Offensive Security Research & Operations

Why I Left Kali for Exegol


If you’re running one Kali VM across multiple HTB machines, client engagements, or exam attempts, you’ve probably felt the friction. Stale tools from a bad upgrade. Shell history from three engagements ago. That one /etc/hosts entry you forgot to clean up before starting a new client. BackTrack and Kali served me well for fifteen years, but the single-box model wasn’t built for the way modern operators actually work: concurrent engagements, strict data separation, reproducible environments, and zero tolerance for “it worked on my box.”


NOCAP: Never Lose Scan Output Again

Every operator has the same dirty secret: a graveyard of unsaved scan output.

You ran NetExec against a subnet. Sprayed creds, got hits, saw Pwn3d! flash by. And then you realized you didn’t save it. Or you used --log but named it something useless and now it’s buried in the wrong directory alongside four other files with names you don’t recognize.


How Jinja2’s match Silently Broke My Ludus Lab

The Symptom

After adding a second Windows VM (DF-windows-jump on VLAN 20) alongside the existing DF-windows (VLAN 22) in my PivotLab range config, DF-windows kept ending up with DF-windows-jump’s IP address. Every deploy, ludus range status would initially show the correct DHCP IP for DF-windows, then it would silently flip to 10.2.20.221 – the static IP belonging to DF-windows-jump.

The hostname never changed. The static IP (10.2.22.60) was never applied. Deleting and redeploying didn’t help. Changing templates (win2019 to win2022) didn’t help. The collision persisted across every combination I tried.


How I Operate

Your terminal history is a biography.

Scroll through it and you’ll see exactly how someone thinks, what they prioritize, and where their attention actually lives.

Mine reads like this: move fast, automate relentlessly, tune the machine forever.

Fifteen years in offensive security, boiled down to a .zshrc file, a stack of carefully chosen tools, and a handful of non-negotiable habits.

This isn’t about fancy dotfiles for show — it’s the working setup that’s carried me through many engagements: the aliases born from repetition, the functions that collapse entire workflows, the integrations that turn raw output into instant insight.


First Post

This is where I put things worth keeping.

15 years in offensive security leaves you with a lot of notes, tools, techniques, and hard-won lessons scattered across drives and notebooks. This blog is the attempt to get it out of my head and into something useful — for me, and maybe for you.

Expect red team techniques, custom tooling, vulnerability research, and the occasional deep dive into something that broke in an interesting way. No filler posts. No rehashing what’s already been covered better elsewhere. If it’s here, it’s because it earned a place.
