Abdelkader Notes

Abdelkader Notes is my public cybersecurity knowledge base — a place where I document web security techniques, CTF lessons, bug bounty methodology, hardening notes, payloads, and real-world security research.

It is opinionated, technical, and meant to be read in any order. If you arrive here looking for the “official” answer to a security question, this is the wrong site. If you want the version of the answer I would actually run in front of a real target, you are in the right place.

These notes evolve. Pages get rewritten when I learn the better way. If you spot something wrong, open an issue — that is the fastest way to fix it.

Start here

Web Security PHP Security Bug Bounty CTF Notes Active Directory OT Security Tools Payloads Methodology Checklists

How these notes are organised

Knowledge base — Topic-first sections (Web, PHP, Bug Bounty, CTF, AD, OT). Each page is short, focused, and survives being read alone.
References — Tools, payloads, methodology, and checklists. Stuff I reach for during an engagement.
Search — Hit Ctrl/⌘ + K to search every page, code block included.

Conventions

A Tip is something I wish I had known earlier.
A Warning is a footgun that has burned me or someone I know.
A Danger is something that breaks production. Read it twice.
Code blocks are copy-pastable. If they need redacting, I redact them before they ship here.

⚠️

Everything here is for authorised security work — research on systems you own, on programs that have invited you in, or in CTF environments. Use it outside that scope and you are the problem.

About

I am Abdelkader Belcaid (real name Mohammed Belcaid) — Security Researcher, CTF Player, Ethical Hacker, based in Beni Mellal, Morocco. Long-form posts and writeups live at abdelkader.ma. These notes are the working-memory version of that site.