npts
Chaos Threat Actors: Why Corporations, Parents and Legal Systems Fail against Teenage Hackers
A discussion on Joe Tidy's "Ctrl + Alt + Chaos" and my takeaways. From the release of Julius Kivimäki to the rise of "Chaos-Evil" groups, I analyze company reactions to hacks, parents navigating the digital minefields and why the legal system might need a "cartel-style" overhaul.
insecure-deserialization
A 10/10: CVE-2025-55182 haunting React and Next.js
React2Shell seems to be the Log4Shell of the JavaScript world. We break down the unsafe deserialization in React's Flight protocol, why APT groups like Earth Lamia tried to exploit it instantly, and why your audit checklist needs to check for architectural integrity. Patch immediately!
owasp
Some Welcome Changes: Dissecting the OWASP Top 10 2025
See the complete breakdown of the new OWASP Top 10 list. Why Supply Chain (A03) and Misconfiguration (A02) displaced Injection, and how the new A10 (Exceptional Conditions) category defines modern AppSec risks in Cloud and AI environments. See the Migration Cheat Sheet for Builders and Pentesters.
blackhat
Road to Black Hat London 2025: The Trends and Talks on My Radar
We celebrate the launch of the new blog layout as I prepare to attend Black Hat Europe 2025, I present my highly curated technical agenda, focusing on critical research in enterprise exploitation, macOS malware, and hardware hacking.
ctf
Securing Silver: My 2nd Place Win at CYBERSECURITY CONFERENCE 2025 CTF in Mannheim
My first comprehensive CTF experience at the CYBERSECURITY CONFERENCE 2025 in Mannheim, where my colleague and I secured 2nd place! We dive into the learning, the race, and essential tips on how to truly prepare (and thrive) in a 24-hour CTF challenge.
artificial-intelligence
Statistical Dreams: The Intimate History of AI
From ancient automatons to the Transformer age, this is the story of how we taught machines to think. We'll dive into breakthroughs like the Perceptron, Backpropagation, and Attention, taking a critical look at AI's origins, its dangers, and where it's headed next.
insecure-deserialization
Python Deserialization Attacks Explained: How Hackers Exploit Pickle (and How to Defend)
Learn how Python deserialization attacks work, see a real Pickle exploit in action, and discover best practices to secure your code against remote code execution vulnerabilities.
htb
Breaking in before the VPN broke down - A Journey through Precious (HTB Writeup)
A full walkthrough of the Hack The Box machine "Precious"; from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.
htb
HTB Reset: From Log Poisoning to Root. Exploiting Tmux, Rexec and Misconfigured Sudo
A deep-dive into escalating from LFI to full root via log poisoning, named pipe reverse shell, misconfigured sudo permissions, and forgotten tmux sessions. Includes analysis of R-services (rexec, rlogin, rsh) and real-world command chaining.
regex
An Intro to Regex: The Hacker’s Guide to Pattern Matching
A hands-on, security-minded introduction to regular expressions - from simple matches to character classes, quantifiers, and real-world examples. Learn to wield regex like a precision tool for parsing, filtering, and hacking.
wargames
What I Learned from Bandit Wargames - Level 0-12 (And Why You Should Try It)
Learn practical Linux skills and command-line thinking through the first 12 levels of OverTheWire's Bandit wargame. Sharing lessons, strategies, and powerful command-line tools without spoiling solutions; perfect for aspiring ethical hackers, CTF players, and curious beginners.
exam-prep
A Small Prep Session: PortSwigger Beginner Labs
A short and focused session working through some beginner-level labs from PortSwigger, revisiting the fundamentals of web vulnerabilities like XSS, SQLi, and authentication bypasses.
exam-prep
Uni Exam Practice VM practice: more of LFI2RCE
In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.
exam-prep
Test Exam: Penetration Testing Playbook 01
My personal playbook for my penetration testing test exam, covering all key steps from access via port forwarding to grabbing ALL 8 flags.
interview-prep
Interview Prep Series: Part Two – Technical Deep Dive & Groundwork
Digging into technical fundamentals and real interview questions to sharpen my baseline as a pentester. Inspired by Steflan Security’s interview cheat sheet & my 2nd Cirosec Interview
interview-prep
Interview Prep Series: Part One – Core Concepts & Confidence
Kicking off my interview prep journey with key phases of pentests, handling tricky questions, and building confidence under pressure.
carving
Forensics Challenge Day Three: Carving & Imaging
We dive into forensic imaging, the art of carving, and tools like dd, Foremost, and Scalpel;'essential skills for data recovery and deleted file analysis.
ad-challenge
The Final Part: Active Directory Journay Day Five: Building, Securing, and Managing a Domain
Day Five covers key AD admin tasks - user and group creation, GPO management, and domain joins; using PowerShell with a security-focused approach.
