Security insights, technical deep dives, and learning journeys from the frontlines of cybersecurity
A systems-first approach to offensive security: building depth through fundamentals, tooling discipline, and principled execution. This manifesto covers malware engineering foundations, API security focus, AI augmentation, and responsible vulnerability research.
Redacted full-depth lab report: SSRF vulnerability in EC2-hosted web app leading to IAM role credential disclosure and cloud identity compromise.
Two-part series: SQL injection, privilege escalation, and 15 other vulnerabilities that would let attackers own a banking operation.
Deep dive into fileless shellcode loader evasion techniques - complete technical breakdown with obfuscation, API hashing, and syscall injection.
APISEC UNI course review and VAPI hacking walkthrough - conquering OWASP Top 10 API vulnerabilities from IDOR to SQL injection.
Practical OSINT techniques for penetration testing across multiple domains - from web reconnaissance to cloud identity attacks and mobile app analysis.
Exploring the dual nature of APIs - from seamless data exchange to potential weaponization in cybersecurity. A deep dive into Windows API, memory manipulation, and API hooking techniques.
Exploring current trends and developments in the technology landscape.
An introduction to my blogging journey and what to expect from this space.
Brief insights into banking security challenges.