Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
Identifying WordPress Plugin Vulnerabilities Using SearchSploit When maintaining a WordPress site, we often focus on keeping the core up to date. However, the real risk may lie within third-party plugins. In this post, I’ll demonstrate how to use SearchSploit, a…
Simulating WordPress Brute-Force Attacks with Hydra – Full Lab Walkthrough In this post, I’ll walk through how to simulate a brute-force login attack on a WordPress installation using Hydra, a powerful and flexible password-cracking tool. This was done in a…
Scanning WordPress with WPScan – A Realistic Pentest Walkthrough In this post, I’ll walk through how I used WPScan to assess a WordPress installation in a controlled pentest lab environment. The goal? Understand what WPScan reveals, identify common WordPress misconfigurations,…
Post 2 – Adding a Real Target to Your Pentest Lab: WordPress Site Setup After setting up the core of my pentesting lab, I wanted a real target to practice on. For that, I cloned my own WordPress site and…
Build Your Own Pentest Lab (No Experience Needed) I’ve always wanted a safe, realistic place to test out security tools — one where I could try things without risking any production systems or breaking anything live. This week, I finally…
Cryptography – Post 3: Discovering Argon2 Today I learned why even bcrypt — which I thought was solid — isn’t the end of the road for password hashing.Argon2 takes it further, and for good reason. Why Argon2? I already knew…
Learning Cryptography – Post 2: Hashing Passwords — The Right Way Hashing is a powerful tool — but when it comes to storing passwords securely, it’s not enough by itself. After digging deeper, here’s what I learned about the risks…
Cryptography – Post 1: Hashing Basics I’ve recently started diving into cryptography — not from the headlines, but from the ground up.I’m starting with hashing: what it is, how it works, and where it shows up in real systems. What…