Blog

Notes from the offensive side

Methodology, writeups, and hard-won lessons from breaking applications and building the tools to break them. This is the clearest picture of how I actually work.

Why every scanner misses your worst access-control bugs

Broken access control tops the OWASP list and generic DAST tools are structurally blind to it — because they only ever see one user. Here's why, and how a multi-identity engine fixes it.

Building hackz: an offline DAST scanner for air-gapped networks

What it takes to build a corporate vulnerability scanner that runs with zero outbound connections — and why building the tool made me a sharper manual tester.

Want this depth on your app?

The methodology in these posts is exactly what I bring to an engagement.

Book an assessment →