/about
HolyGhost is an independent cybersecurity research blog. I take real bugs, real attacks, and real defences apart and write them up so other people can actually understand how they work.
Who is behind this
HolyGhost is the research handle of a security professional based in Australia. I work in offensive security as a penetration tester and consultant, I am OSCP certified, and my day to day is web, network, and cloud assessments. This site is where I write up independent research in my own time, play with modern web technologies, and share what I learn from CTFs and bug bounty work.
I do not call myself a legend or a master of anything. I just enjoy understanding how things break and helping other people get better at defending them. I keep my personal life and this handle deliberately separate, so you will find research here, not a biography.
What you'll find here
- Analysis. Clear breakdowns of known vulnerabilities, attack techniques, and other researchers' work, explained in depth so they make sense. I did not discover these, and I credit the original sources.
- Learn. Approachable lessons with no gatekeeping, for people getting into security. The stuff I wish someone had explained to me clearly.
- News. The occasional breakdown of a big disclosure while it's still fresh, translated out of press release speak.
The rules
Everything here is for defenders, researchers, and learners. I write about how attacks work because you cannot defend against something you do not understand. Only ever test systems you own or are explicitly authorised to assess.
Everything on this site is my own personal research and opinion. It does not represent, and is not endorsed by, any employer, client, or organisation I am associated with. See the legal and disclaimer page for the full terms.
Say hi
Found a mistake, want to argue about a technique, or have something you want explained? Reach out on X.