-
Exploiting SSRF in a modern cloud environment
Chaining SSRF with a metadata service misconfiguration to exfiltrate IAM credentials during a pentest.
2 min read -
Building a zero-dep CLI arg parser in Go
Design of a minimal, composable argument parser — no cobra, no viper, no surprises.
2 min read -
HTB — reversing a custom VM in 3 hours
Full breakdown of the 'VM-ware' HackTheBox challenge: opcode table, emulator, exploit chain.
2 min read -
Why I ported my TUI tools from C to Zig
Comptime, build ergonomics, and no hidden allocations. The migration that was actually worth it.
2 min read