skills-lab
Zero to SaaS 01: Let's FINALLY understand Docker
I am reviving a failed university prototype and rebuilding it as my first SaaS. This first post strips away the mess of understanding of Docker, from the Copy-on-Write file system and layer caching to persistent volumes and container networking.
prospero
Docker CLI Cheatsheet
Now that you understand the theory of layers and volumes, here is how you actually talk to the Docker daemon. Think of this as your "Day 1" survival kit.
reverse-engineering
Learning Reverse Engineering: A Step-By-Step Series | Part 01
Dive with me into the fundamentals of reverse engineering. Learn about x86 assembly, CPU registers, the instruction pipeline, essential terms and concepts for your journey into reverse engineering.
npts
Chaos Threat Actors: Why Corporations, Parents and Legal Systems Fail against Teenage Hackers
A discussion on Joe Tidy's "Ctrl + Alt + Chaos" and my takeaways. From the release of Julius Kivimäki to the rise of "Chaos-Evil" groups, I analyze company reactions to hacks, parents navigating the digital minefields and why the legal system might need a "cartel-style" overhaul.
insecure-deserialization
A 10/10: CVE-2025-55182 haunting React and Next.js
React2Shell seems to be the Log4Shell of the JavaScript world. We break down the unsafe deserialization in React's Flight protocol, why APT groups like Earth Lamia tried to exploit it instantly, and why your audit checklist needs to check for architectural integrity. Patch immediately!
owasp
Some Welcome Changes: Dissecting the OWASP Top 10 2025
See the complete breakdown of the new OWASP Top 10 list. Why Supply Chain (A03) and Misconfiguration (A02) displaced Injection, and how the new A10 (Exceptional Conditions) category defines modern AppSec risks in Cloud and AI environments. See the Migration Cheat Sheet for Builders and Pentesters.
blackhat
Road to Black Hat London 2025: The Trends and Talks on My Radar
We celebrate the launch of the new blog layout as I prepare to attend Black Hat Europe 2025, I present my highly curated technical agenda, focusing on critical research in enterprise exploitation, macOS malware, and hardware hacking.
ctf
Securing Silver: My 2nd Place Win at CYBERSECURITY CONFERENCE 2025 CTF in Mannheim
My first comprehensive CTF experience at the CYBERSECURITY CONFERENCE 2025 in Mannheim, where my colleague and I secured 2nd place! We dive into the learning, the race, and essential tips on how to truly prepare (and thrive) in a 24-hour CTF challenge.
artificial-intelligence
Statistical Dreams: The Intimate History of AI
From ancient automatons to the Transformer age, this is the story of how we taught machines to think. We'll dive into breakthroughs like the Perceptron, Backpropagation, and Attention, taking a critical look at AI's origins, its dangers, and where it's headed next.
insecure-deserialization
Python Deserialization Attacks Explained: How Hackers Exploit Pickle (and How to Defend)
Learn how Python deserialization attacks work, see a real Pickle exploit in action, and discover best practices to secure your code against remote code execution vulnerabilities.
htb
Breaking in before the VPN broke down - A Journey through Precious (HTB Writeup)
A full walkthrough of the Hack The Box machine "Precious"; from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.
htb
HTB Reset: From Log Poisoning to Root. Exploiting Tmux, Rexec and Misconfigured Sudo
A deep-dive into escalating from LFI to full root via log poisoning, named pipe reverse shell, misconfigured sudo permissions, and forgotten tmux sessions. Includes analysis of R-services (rexec, rlogin, rsh) and real-world command chaining.
regex
An Intro to Regex: The Hacker’s Guide to Pattern Matching
A hands-on, security-minded introduction to regular expressions - from simple matches to character classes, quantifiers, and real-world examples. Learn to wield regex like a precision tool for parsing, filtering, and hacking.
wargames
What I Learned from Bandit Wargames - Level 0-12 (And Why You Should Try It)
Learn practical Linux skills and command-line thinking through the first 12 levels of OverTheWire's Bandit wargame. Sharing lessons, strategies, and powerful command-line tools without spoiling solutions; perfect for aspiring ethical hackers, CTF players, and curious beginners.
exam-prep
A Small Prep Session: PortSwigger Beginner Labs
A short and focused session working through some beginner-level labs from PortSwigger, revisiting the fundamentals of web vulnerabilities like XSS, SQLi, and authentication bypasses.
exam-prep
Uni Exam Practice VM practice: more of LFI2RCE
In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.
exam-prep
Test Exam: Penetration Testing Playbook 01
My personal playbook for my penetration testing test exam, covering all key steps from access via port forwarding to grabbing ALL 8 flags.
interview-prep
Interview Prep Series: Part Two – Technical Deep Dive & Groundwork
Digging into technical fundamentals and real interview questions to sharpen my baseline as a pentester. Inspired by Steflan Security’s interview cheat sheet & my 2nd Cirosec Interview
