Blog
Writing
Long-form, technical posts on offensive security, exploit development, Active Directory, methodology, and the tools I build along the way.
Fifty-Three Bytes: When the ELF Header Becomes Its Own Program
A forensic walk through the smallest functional ELF executable on Linux x86 — 53 bytes that is mathematically smaller than the 52-byte ELF header itself. Header overlap, the mul-ecx zeroing trick, the kernel checks that draw the modern floor, and what every static analyser in the room misses.
ELF, Binary Golf, Linux Kernel, Exploit Dev
Apr 29, 2026Active Directory Attack Paths: From Foothold to Domain Admin
A practical walk through a realistic Active Directory compromise — Kerberoasting, NTLM relay, ACL abuse, and DCSync — with BloodHound-style diagrams, the exact commands I run, and the detection signal each step generates.
Active Directory, Red Team, OSCP, Kerberos
Apr 12, 2026OSED Notes: Writing Custom Shellcode From Scratch
An OSED-flavoured walkthrough of building a working Windows x86 reverse-shell shellcode by hand — no msfvenom, no luck, just hash-based API resolution, manual PEB walks, and an annotated final blob.
OSED, Exploit Development, Shellcode, Windows
Mar 22, 2026Building Sqlhound: A Multithreaded SQLi Scanner That Doesn't Get Bored
Why I built my own SQL injection scanner instead of pointing sqlmap at a list, what the architecture looks like, and the three bugs that ate a week of my life.
Tooling, SQLi, Python, OSS
Feb 8, 2026How I Approach Real-World Pentests (Methodology + Toolkit)
My personal methodology for external + internal pentests — the phases, the tools per phase, the documentation cadence, and a worked example walking from recon to admin-panel takeover.
Penetration Testing, Methodology, Pentest
Dec 4, 2025Top 10 Penetration Testing Mistakes (And How To Avoid Them)
Ten mistakes I've watched junior pentesters make on real engagements — what each one looks like, the operational damage it causes, and the specific fix that makes it stop happening.
Penetration Testing, Career, Mistakes
Oct 18, 2025