How I exploited and fixed blind SQLi
Recon → boolean-based exfiltration → parameterized fix.
Blog
DFIR timeline basics: finding the signal
Timelines, IoCs, and communicating clearly during incidents.
Threat modeling for student projects
Simple STRIDE-style walkthroughs that actually get used.
From Python CLI to Flask mini-app
Evolving a small CLI (like Hospital Manager) into a web UI.
Setting up a safe home lab for AppSec
Isolated networks, images, and safe targets.