Behrad Taher
Behrad Taher

Security Engineer
Just writing things down so I don't forget them

Latest writing

Building a Headless Browser Exploit with Claude Opus 4.6
February 9, 2026 Building a Headless Browser Exploit with Claude Opus 4.6 How Claude Opus 4.6 discovered and exploited a heap buffer overflow in PhantomJS, from source code analysis to a working proof-of-concept.
Hunting for Deserialization Gadgets in the Rails Ecosystem
February 1, 2026 Hunting for Deserialization Gadgets in the Rails Ecosystem Walking through the process of identifying a deserialization gadget chain commonly available in Ruby on Rails applications.
Unsafe Reflection Vulnerabilities
January 27, 2026 Unsafe Reflection Vulnerabilities How unsafe reflection turns user input into arbitrary class instantiation, from the mechanics of CWE-470 to exploitation and prevention across Java and Ruby.
DNS Rebinding Attacks Against SSRF Protections
December 17, 2025 DNS Rebinding Attacks Against SSRF Protections How DNS rebinding bypasses common SSRF protections by exploiting the gap between DNS resolution and connection time, with practical attack techniques and defenses.
OSWE: 5 Years Later
December 4, 2025 OSWE: 5 Years Later A retrospective on the Offensive Security Web Expert certification five years later, and how its open-box methodology shaped my approach to application security.
Sandboxing Code Execution
June 11, 2022 Sandboxing Code Execution Practical approaches to sandboxing untrusted code execution, balancing security controls with engineering pragmatism.
Threat Modeling Modern Applications - An Interview Guide
May 27, 2022 Threat Modeling Modern Applications - An Interview Guide Interview prep for threat modeling and secure design rounds, with worked examples
Building Custom Detection Signatures (SAST)
March 5, 2022 Building Custom Detection Signatures (SAST) Writing custom Semgrep rules to detect application-specific vulnerabilities that generic SAST tools miss, with real-world examples and pattern design.
Java Deserialization Vulnerabilities
February 18, 2022 Java Deserialization Vulnerabilities Understanding Java deserialization from serialization internals to exploitation, with a walkthrough of using ysoserial gadget chains to achieve RCE on Apache OpenMeetings.
Automating DAST Scanning with OWASP ZAP
January 19, 2022 Automating DAST Scanning with OWASP ZAP Setting up authenticated OWASP ZAP scans in Docker with session handling and Slack reporting.
SSTI In Python Frameworks
December 2, 2021 SSTI In Python Frameworks Exploiting Server-Side Template Injection in Jinja2 and Django, from MRO traversal to remote code execution, with detection and prevention strategies.
Discovering a Blind SQL Injection: Whitebox Approach
November 5, 2021 Discovering a Blind SQL Injection: Whitebox Approach Finding and exploiting CVE-2021-43481, a time-based blind SQL injection in webTareas, discovered through source code review.