← Back to profile
 ____  ____  _____    _    ____ _   _ _        _    ____
| __ )|  _ \| ____|  / \  / ___| | | | |      / \  | __ )
|  _ \| |_) |  _|   / _ \| |   | |_| | |     / _ \ |  _ \
| |_) |  _ <| |___ / ___ \ |___|  _  | |___ / ___ \| |_) |
|____/|_| \_\_____/_/   \_\____|_| |_|_____/_/   \_\____/

Operative Certification · Phantom Track

This certifies that

0xm1sk

has completed the Phantom track in full — thirty-one public levels plus the classified graduation chain — and is hereby recognized as a BreachLab Phantom Operative. The holder has demonstrated end-to-end post-exploitation tradecraft on modern Linux and container infrastructure, including privilege escalation, persistence, lateral movement, container escape, and Kubernetes cluster compromise — and is field-ready for offensive security engagements.

Ghost was selection. Phantom was training. This is graduation. The real work starts now.

Track
Phantom
Date of graduation
2026-04-28
Credential ID
PHNM-8B12-C152-DE4A
Demonstrated competencies
  • Sudo abuse — env_keep, wildcard injection, sudoedit bypass
  • Linux capabilities — cap_setuid, cap_dac_read_search, cap_sys_ptrace
  • Local authentication service exploitation (polkit class)
  • Writable authority files — passwd, sudoers.d, cron
  • Container escape — docker socket, privileged flag, runtime CVEs
  • Kubernetes pod escape — hostPath, hostPID, nsenter chain
  • Kubectl-free cluster pivot and cloud metadata handoff
BreachLab Command
Operator certification authority
Issued 2026-04-28 · irrevocable

Verify at breachlab.org/u/0xm1sk/certificate/phantom