Lib
Security research, writeups, and technical insights
HackTheBox: CodeTwo Writeup
Step-by-step walkthrough of the CodeTwo box on HackTheBox, including enumeration, exploitation, lateral movement, and privilege escalation.
Sanitize Without Losing Your Sanity: Keep Your Inputs and Mind Clear
A comprehensive guide on input sanitization best practices to protect applications from injection attacks while maintaining code clarity and developer sanity.
Anatomy of a Silent Threat: A Deep Dive into SQL Injection
An in-depth exploration of SQL injection vulnerabilities, attack vectors, and comprehensive defense strategies for modern applications.
TheHackSummit: Modern CTF & Red Teaming (Talk)
Presented at TheHackSummit in Poland on modern CTF, red teaming, and practical offensive security techniques.
Cyber Security Champions: ISS A/S (Talk)
Delivered a talk at ISS A/S in Porto for the Cyber Security Champions program, focusing on building a security culture and practical defense.
The DEVil is in the details - Common ways developers are exploited in the current threat landscape
A talk exploring the most common pitfalls and oversights that lead to developer-targeted attacks, with real-world examples and actionable defense strategies.
CTF Juice Shop
A hands-on session guiding participants through the OWASP Juice Shop CTF, highlighting common web vulnerabilities and exploitation techniques.
Technical session: XSS Attack and Defend
A technical deep dive into Cross-Site Scripting (XSS): how attackers exploit XSS vulnerabilities, real-world case studies, and practical defense mechanisms for developers and defenders.
NPM Incident: The Complete Incident Handling Process
A real-world use case detailing the response to an NPM supply chain incident: how proactive security measures kept us safe, the step-by-step incident handling process, and strategies to defend against future attacks.