Blog
Latest Articles
In-depth technical writeups, research findings, and practical guides on penetration testing, vulnerability research, and offensive security techniques.

The Ultimate Guide to Cybersecurity Frameworks: MITRE, OWASP, NIST, CWE/CVE, and Compliance
A detailed guide to the major cybersecurity frameworks (MITRE ATT&CK, OWASP, NIST, CWE/CVE, and compliance standards) and how they fit together to describe attacker behavior, weaknesses, vulnerabilities, and organizational security.

A Pentester's Guide to File Upload Vulnerabilities
Understanding file upload vulnerabilities from a pentester's perspective, including common pitfalls, attack techniques, and exploitation methods.

A Complete Guide to Access Control Vulnerabilities
A clear breakdown of access control vulnerabilities, untangling confusing terms like IDOR, BOLA, and BFLA, with real examples that show how they appear in modern applications.

A Strong Penetration Test Needs a Strong Report
Why a penetration test reaches its full value only when paired with a clear, actionable report that turns findings into real security improvements.

Web Application Penetration Tester eXtreme (eWPTXv3) Review
My eWPTX review: prep strategy, lab difficulty, exam workflow, and whether it's worth it for web app pentesting.

Mobile Application Pentest Tester (eMAPT) Review (Old Version)
A detailed review of the old version of the eMAPT certification, covering exam structure and my personal experience earning it.

Practical Mobile Pentest Associate (PMPA) Review
A detailed review of the PMPA certification, covering exam structure, preparation tips, and my personal experience earning it.