Blog
Deep dives into security research, vulnerability analysis, and offensive methodology. Writing is how I validate understanding and share knowledge.
Offensive Security as Systems Engineering
I approach offensive security as systems engineering—not as a collection of tools or techniques, but as a discipline of understanding complex systems and their failure modes.
Read article →Sneaky Shellcode Shenanigans: Windows Defender-Dodging Loader
Deep dive into fileless shellcode loader evasion—API hashing, encrypted payloads, and direct syscalls. The research behind Beulah Intrusion.
Read article →I HACKED A BANK: 17 Critical Vulnerabilities
A comprehensive security assessment revealing SQL injection, SSRF, privilege escalation, race conditions, and complete attack chains in a banking application.
Read article →CWL Cloud Breaker — SSRF → EC2 Role Impact
How a tiny input-validation slip in a server-side fetch feature led to catastrophic cloud identity compromise through SSRF and IAM credential extraction.
Read article →I Took a Hacking Course So I Decided to Hack
APISEC UNI course review and VAPI hacking walkthrough—exploiting OWASP Top 10 API vulnerabilities from BOLA to SQL injection.
Read article →OSINT Techniques for Web, API, Cloud, and Mobile
Practical reconnaissance methodology across four domains. Converting passive intelligence gathering into valid attack vectors.
Read article →APIs: Friend or Foe
Exploring the dual nature of APIs—from seamless data exchange to potential weaponization. Windows API manipulation, DLL injection, and API hooking.
Read article →Technology Today
Exploring the digital landscape—from AI ethics to cybersecurity challenges. The double-edged sword of our connected world.
Read article →My First Post
Hello world. The beginning of my security research journey and what to expect from this blog.
Read article →