Pinned
From Dorks to Defense: How I Secured Two CERT-In Hall of Fames
How targeted Google dorking on government domains uncovered SQL injection and XSS bugs that earned two CERT-In Hall of Fame recognitions.
2026
Deploy Your Own SSH Honeypot in 10 Minutes with ShardLure
My Honeypot Dashboard Was Lying to Me for Two Weeks (and I Wrote It)
I Built a Honeypot Framework, Deployed It for 5 Days, and the Internet Showed Up With Malware and Opinions
I Mass-Accepted SSH Logins for 48 Hours and Catalogued Everything That Walked In
SSH Under Siege: 30 Days of Brute-Force Telemetry on an Exposed VM 🌐
2025
From Shodan to SQLi: Hacking an Exposed Company Dashboard
Shellshock: The Bash Bug That Shook the Internet 🐚
NoSQL Injection: Exploitation Techniques and Attack Scenarios 💣
Business Logic: Broken. Wallet: Hacked. OTP: Bypassed.
Subdomain Takeover: When Your Own Domain Becomes Your Enemy 🕵️♂️
Mastering Nmap: The Ultimate Guide to Port Scanning
XSS Meets IDOR: A Double Vulnerability Story on a Learning Platform 🔥
Why IDORs Are Everywhere — And How to Find Them — Part I
How We Discovered a Stored HTML Injection in a Chatbot System 🕷️
SSRF: When Your Server Becomes a Nosy Hacker — Part 1
FlashCrawler v2.0 — The Hacker’s Browser-Powered, JavaScript-Crunching Web Crawler
Sweet Security Disaster: How I Could Verify Any Account on a Dessert Website 🍦
Rate Limiting: When Your Server Says Chill, Bro.
SQLMap: The Ultimate Guide to Automated SQL Injection Testing 💉
🕵️♂️ Google Dorks: The Power of Advanced Search Operators
The Silent Threat: Understanding Pre-Account Takeover Attacks 🕵️♀️
When Data Whispers Secrets: Understanding Sensitive Information Disclosure in Modern Systems 🔐
Understanding Reverse DNS (rDNS) — A Behind-the-Scenes Lookup