Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
OWASP Top 10 – A03: Injection What Is Injection? Injection is a broad class of attack where untrusted data is sent to an interpreter (such as a database, command line, or XML parser) as part of a command or query.…
OWASP Top 10 – A02: Cryptographic Failures What Is Cryptographic Failure? Cryptographic Failures (formerly known as “Sensitive Data Exposure”) refer to the misuse, misconfiguration, or complete absence of encryption and cryptographic protocols in systems handling sensitive data. It means your…
OWASP Top 10 – A01: Broken Access Control What Is Broken Access Control? Broken Access Control occurs when an application fails to enforce proper restrictions on what authenticated users are allowed to do. In other words, users can perform actions…
Static vs Dynamic Malware Analysis When I first got into malware analysis, it seemed a bit overwhelming. I imagined I’d need to be some kind of reverse engineering wizard fluent in assembly. But what helped me get started was learning…
We often hear that every device has a unique MAC address — like a fingerprint. But what if I told you it’s not only possible, but trivially easy, to fake that identity? When I started diving into network security, I…
Learning Python – Post 7: If-Else, For Loops, and Putting It All Together Tonight was about bringing things together. I started exploring conditions (if, else, elif) and moved into loops — especially the for loop combined with range(). These two…
What Is a Network Topology? Recently, I started learning about computer networks, and one of the topics that really caught my attention was network topologies. These are basically the ways devices (like computers, printers, etc.) are connected to each other…
Identifying WordPress Plugin Vulnerabilities Using SearchSploit When maintaining a WordPress site, we often focus on keeping the core up to date. However, the real risk may lie within third-party plugins. In this post, I’ll demonstrate how to use SearchSploit, a…
Simulating WordPress Brute-Force Attacks with Hydra – Full Lab Walkthrough In this post, I’ll walk through how to simulate a brute-force login attack on a WordPress installation using Hydra, a powerful and flexible password-cracking tool. This was done in a…
Scanning WordPress with WPScan – A Realistic Pentest Walkthrough In this post, I’ll walk through how I used WPScan to assess a WordPress installation in a controlled pentest lab environment. The goal? Understand what WPScan reveals, identify common WordPress misconfigurations,…