Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
OWASP Top 10 – A01: Broken Access Control What Is Broken Access Control? Broken Access Control occurs when an application fails to enforce proper restrictions on what authenticated users are allowed to do. In other words, users can perform actions…
Static vs Dynamic Malware Analysis When I first got into malware analysis, it seemed a bit overwhelming. I imagined I’d need to be some kind of reverse engineering wizard fluent in assembly. But what helped me get started was learning…
We often hear that every device has a unique MAC address — like a fingerprint. But what if I told you it’s not only possible, but trivially easy, to fake that identity? When I started diving into network security, I…
Identifying WordPress Plugin Vulnerabilities Using SearchSploit When maintaining a WordPress site, we often focus on keeping the core up to date. However, the real risk may lie within third-party plugins. In this post, I’ll demonstrate how to use SearchSploit, a…
Simulating WordPress Brute-Force Attacks with Hydra – Full Lab Walkthrough In this post, I’ll walk through how to simulate a brute-force login attack on a WordPress installation using Hydra, a powerful and flexible password-cracking tool. This was done in a…
Scanning WordPress with WPScan – A Realistic Pentest Walkthrough In this post, I’ll walk through how I used WPScan to assess a WordPress installation in a controlled pentest lab environment. The goal? Understand what WPScan reveals, identify common WordPress misconfigurations,…
Post 2 – Adding a Real Target to Your Pentest Lab: WordPress Site Setup After setting up the core of my pentesting lab, I wanted a real target to practice on. For that, I cloned my own WordPress site and…
Build Your Own Pentest Lab (No Experience Needed) I’ve always wanted a safe, realistic place to test out security tools — one where I could try things without risking any production systems or breaking anything live. This week, I finally…
Cryptography – Post 3: Discovering Argon2 Today I learned why even bcrypt — which I thought was solid — isn’t the end of the road for password hashing.Argon2 takes it further, and for good reason. Why Argon2? I already knew…
Learning Cryptography – Post 2: Hashing Passwords — The Right Way Hashing is a powerful tool — but when it comes to storing passwords securely, it’s not enough by itself. After digging deeper, here’s what I learned about the risks…