Data Exfiltration in Modern Environments: A Comprehensive Threat and Defense HandbookSep 10, 2025·41 min read
Protocol Zero: Securing Agentic AI and the Model Context Protocol (MCP)A Security Architecture for Autonomous Agents, From Prompt Injection to Remote Code ExecutionFeb 6, 2026·23 min read
Istio Service Mesh Security: Best Practices, Misconfigurations, and Real-World DeploymentAug 21, 2025·29 min read
Offensive Container Security: Techniques, Misconfigurations, and Attack PathsExplore real-world misconfigurations, container escape techniques, Kubernetes privilege escalation, CI/CD attack vectors, and persistent threats.May 17, 2025·15 min read
Cloudflare Security: Addressing Image Resizing Misconfiguration & RiskIdentifying Vulnerabilities and Implementing Robust Security Measures for Cloudflare's Image Resizing Function Introduction: During a recent penetration test for one of my clients, I discovered a significant vulnerability related to Cloudflare’s imag...Jul 4, 2024·3 min read
Offensive Kubernetes: Pentesting from the InternetStrategies and Techniques for Identifying and Mitigating External Threats to Your Kubernetes ClusterJun 30, 2024·4 min read
Exposed: A Real-World Case Study of PII Data LeakThe Dark Side of Data, Revealing a Chilling PII Data ExposureJun 9, 2024·3 min read
Breaking Point: How Browser Breakpoints Can Unmask Encryption and Compromise SecurityUnveiling the Risks of Client-Side Encryption: Insights and RemediationMay 7, 2024·6 min read
Peeling Back the Layers: Unmasking Hidden Secrets in JavaScript CodeHey there! Today, let's go on a little adventure into the world of website secrets. Imagine this: if you add ?_debug=1 to the end of a JavaScript(.js) page's address, it's like unlocking a hidden door. We'll explore a cool security trick that makes a...May 5, 2024·2 min read
