Blog

A short story about Artifact Registry reader access, container images, and why build history quietly leaks secrets.

How a tiny ptrace bird turned into a credential avalanche. The story of building Hawk, a lightweight Golang tool that silently intercepts SSH and sudo credentials in real time, and why it dominates in competitive red team exercises.

A research-driven look into how attackers construct phishing landing pages that mimic Microsoft federated login portals, and what defenders can do about it.

A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Learn how AI is transforming vulnerability research and exploit development.

A case study on how a kernel vulnerability shattered assumptions about container security, exposing the need for deeper isolation and architectural redesign.

A deep dive into how adversarial attacks manipulate machine learning models, the types of evasion attacks, and real-world implications.