Writing
Opinions, analysis, and insights from real engagements. No vendor fluff.
All Posts
AMSI Bypass Techniques: PowerShell and Beyond
Understanding and testing the Antimalware Scan Interface.
Read MoreEDR Evasion Fundamentals: Understanding Detection
How EDR solutions detect threats and principles for evasion testing.
Read MoreContainer Security: Breaking Out of Docker
Testing container security and common escape techniques.
Read MoreSQL Injection in 2025: Still Dangerous, Still Common
Why SQL injection persists and how to find it in modern applications.
Read MoreXSS in Modern Applications: Beyond Basic Payloads
Finding XSS in React, Angular, and other modern frameworks.
Read MoreAWS Security Testing: IAM, S3, and Beyond
Key areas to focus on when testing AWS environments.
Read MoreAzure AD Security: Common Misconfigurations
Security issues in Azure Active Directory deployments.
Read MoreGraphQL Security: Beyond REST Vulnerabilities
Unique security challenges in GraphQL implementations.
Read MoreJWT Security: Common Mistakes and How to Exploit Them
Testing JSON Web Token implementations for security flaws.
Read MoreSSRF Attacks: Making Servers Attack Themselves
Server-Side Request Forgery and its impact on cloud environments.
Read MoreExplore More
Read my expertise pages, research, or prepare for a pentest.