Behrad's Blog
Posts
Tags
code-review
2026
February 1, 2026
Hunting for Deserialization Gadgets in the Rails Ecosystem
Walking through the process of identifying a deserialization gadget chain commonly available in Ruby on Rails applications.
2025
December 4, 2025
OSWE: 5 Years Later
A retrospective on the Offensive Security Web Expert certification five years later, and how its open-box methodology shaped my approach to application security.
2022
March 5, 2022
Building Custom Detection Signatures (SAST)
Writing custom Semgrep rules to detect application-specific vulnerabilities that generic SAST tools miss, with real-world examples and pattern design.
2021
November 5, 2021
Discovering a Blind SQL Injection: Whitebox Approach
Finding and exploiting CVE-2021-43481, a time-based blind SQL injection in webTareas, discovered through source code review.