Pentesting

On this planet, there are only two real jobs: doctor and lawyer.

Have you heard of pentesting?

What's that?

It's all about testing pens. If I drop a pen, does it break? If I open and close the cap repeatedly, will it easily wear out? What if I stab it into a piece of paper? Or rock? Or an apple? (In that case, we'd have an apple pen.)

That's it?

It's harder than it looks.

When Hospitality Software is Too Hospitable (CVE-2026-21966, CVE-2026-21967)

An XSS Filter Bypass and a Curious SSRF in Oracle Hospitality OPERA

Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090 & CVE-2025-40757)

When security by obscurity breaks...

Output-Invariant and Time-Based Testing – Practical Techniques for Black-Box Enumeration of LLMs

Abusing inherent context and sluggishness in LLMs for stealthy enumeration of prompt injection points.

5 Weekend Reads You Missed: BOOMlang v2, Blue Team Strikes Back, ET, CVSS 4.1, and DLLModules

Breaking news, awesome stuff happened!

Delay and Interactive Pause in Multi-Threaded Python

It's like musical chairs for threads (except no one gets left behind)!

Automating Boolean-Based SQL Injection with Python

How to be efficiently lazy at finding hidden gems in predictable places – Database Edition

My OSCP Adventure — Lessons, Tips, and Thoughts

Reflections on my journey tackling one of the most rigorous exams in cybersecurity.

I'm now a Certified Offensive Waterblower!

Emotional penetration testing is no joke. Millions suffer each year.