Nunjucks - Exploiting Second-Order SSTI
No AI was used to write this article It’s a wonderful summer day outside — the sun is shining, the birds are singing, the flowers are blooming, and yet you are stuck in front of a computer ...
Intro Time to drop my 5 cents on the topic of searching for hard-coded credentials. You might already be familiar with big names, like: trufflehog git-secrets gitleaks In my experience th...
Intro It’s that time of the year when I finally remembered my password from this website and started dumping notes from 2025. There is already a number of ways to do this through the third-party Ma...

Why I chose it This summer I’ve been poking around the cybersec communities for cloud security certifications with some actual hands-on knowledge that I could spend my learning budget on. I’ve hear...
There are more lessons to be learned from my Pipreqs dependency confusion Intro Just over two years ago I got sidetracked into a weird dependency confusion story while trying to get together ...
Intro Ever got that gnarly web app pentest with a session lifetime of 2 minutes, thinking it would take at most 15 minutes to set up the session rotation and then spent 4 hours trying to make five...

The backstory So… I’ve been in the field of Web PT for over 4 years so far, and I’ve always been frustrated with testing in Chrome compared to Firefox. You can bootstrap a fresh Firefox to work wi...
I’ve seen this topic come up a number of times since the BurpSuite 2023 was released, but it seems that the Google’s top search results still show outdated information. Since the release of new Bu...
Intro If you do source code reviews on a regular basis, you are bound to eventually stumble upon the use of pseudo-random number generators (PRNGs) to generate secrets like reset tokens or tempora...

Intro At the very start of the ML hype, I decided to look at some open-source bug bounty programs on the huntr.com platform. I ended up choosing the MLFlow program, as it had some interesting bugs...