Clear, detailed breakdowns of known vulnerabilities, attack techniques, and other researchers' work. I did not discover these; I explain them so you can understand how they actually work. Original sources are credited in each post.
A 2026 wave of BitLocker bypasses all abuse the same weak spot, the Windows Recovery Environment. Here is how the trust boundary breaks, why the fixes keep failing, and what actually protects your data.
Attackers did not break into thousands of networks one by one. They compromised a single software vendor's build process and let the trusted updates carry the backdoor in. A breakdown of the SolarWinds supply chain attack.
Server-side request forgery turns a harmless-looking URL input into a way to read a cloud instance's own credentials. Here is how the metadata endpoint becomes the prize, and why IMDSv2 changed the game.
A single string written into a log file could run attacker code on millions of servers. Here is how Log4Shell (CVE-2021-44228) worked, why it spread so far, and what it taught the industry about dependencies.
Any authenticated user in an Active Directory domain can ask for tickets that are effectively offline password hashes for service accounts. Here is how Kerberoasting works, why it is so reliable, and how to shut it down.
Modern processors guess ahead to go faster. Spectre and Meltdown showed that guessing leaves traces an attacker can read. A plain explainer of speculative execution side channels.
In Windows networks an attacker often does not need your password, just its hash. Here is how pass-the-hash works, why it powers lateral movement, and how to break the chain.
How a flaw in an ageing file sharing protocol, weaponised by a leaked intelligence exploit, spread ransomware across the world in hours. A breakdown of EternalBlue and MS17-010.
A missing length check in OpenSSL let anyone read chunks of a server's memory, including private keys and passwords. Here is how Heartbleed (CVE-2014-0160) worked and why it was so serious.
For years, Bash would run code smuggled into the end of an environment variable. Shellshock (CVE-2014-6271) turned that into remote code execution across a huge slice of the internet.
By adding ../ to a file path, an attacker can climb out of the intended directory and read files the application never meant to expose. Here is how path traversal works and how to block it.
CSRF tricks a logged-in user's browser into sending a real, authenticated request they never intended. Here is how it abuses the way browsers handle cookies, and how to shut it down.
If an application builds a system command out of user input, an attacker can smuggle in their own commands. Here is how OS command injection works and how to design it out.
XSS lets an attacker run JavaScript in another user's browser session, in the context of a site they trust. Here are the three types, what they enable, and how to stop them.
SQL injection turns a login box or search field into a way to read, change, or destroy a database. Here is how it works, the flavours it takes, and the one fix that actually stops it.
One of the oldest and most influential classes of vulnerability. How writing more data than a buffer can hold lets an attacker corrupt memory and seize control, and the defences that now stand in the way.
Turning saved data back into live objects sounds harmless. When the data comes from an attacker, it can lead to remote code execution. Here is how insecure deserialization works and how to avoid it.
XML has a feature that lets a document pull in outside content. Point it at a local file or an internal server and a helpful parser becomes a data leak. Here is how XML External Entity attacks work.