Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
We often hear that every device has a unique MAC address — like a fingerprint. But what if I told you it’s not only possible, but trivially easy, to fake that identity? When I started diving into network security, I…
Learning Python – Post 7: If-Else, For Loops, and Putting It All Together Tonight was about bringing things together. I started exploring conditions (if, else, elif) and moved into loops — especially the for loop combined with range(). These two…
What Is a Network Topology? Recently, I started learning about computer networks, and one of the topics that really caught my attention was network topologies. These are basically the ways devices (like computers, printers, etc.) are connected to each other…
Identifying WordPress Plugin Vulnerabilities Using SearchSploit When maintaining a WordPress site, we often focus on keeping the core up to date. However, the real risk may lie within third-party plugins. In this post, I’ll demonstrate how to use SearchSploit, a…
Simulating WordPress Brute-Force Attacks with Hydra – Full Lab Walkthrough In this post, I’ll walk through how to simulate a brute-force login attack on a WordPress installation using Hydra, a powerful and flexible password-cracking tool. This was done in a…
Scanning WordPress with WPScan – A Realistic Pentest Walkthrough In this post, I’ll walk through how I used WPScan to assess a WordPress installation in a controlled pentest lab environment. The goal? Understand what WPScan reveals, identify common WordPress misconfigurations,…
Post 2 – Adding a Real Target to Your Pentest Lab: WordPress Site Setup After setting up the core of my pentesting lab, I wanted a real target to practice on. For that, I cloned my own WordPress site and…
Build Your Own Pentest Lab (No Experience Needed) I’ve always wanted a safe, realistic place to test out security tools — one where I could try things without risking any production systems or breaking anything live. This week, I finally…
Cryptography – Post 3: Discovering Argon2 Today I learned why even bcrypt — which I thought was solid — isn’t the end of the road for password hashing.Argon2 takes it further, and for good reason. Why Argon2? I already knew…
Learning Cryptography – Post 2: Hashing Passwords — The Right Way Hashing is a powerful tool — but when it comes to storing passwords securely, it’s not enough by itself. After digging deeper, here’s what I learned about the risks…