Behrad's Blog
Posts
Tags
source-code-review
2026
February 1, 2026
Hunting for Deserialization Gadgets in the Rails Ecosystem
Walking through the process of finding a new deserialization gadget chain in the Ruby on Rails ecosystem, from trigger to sink.
2025
December 4, 2025
OSWE: 5 Years Later
A retrospective on the Offensive Security Web Expert certification five years later, and how its open-box methodology shaped my approach to application security.
2021
November 5, 2021
Discovering a Blind SQL Injection: Whitebox Approach
Finding and exploiting CVE-2021-43481, a time-based blind SQL injection in webTareas, discovered through whitebox source code review with a full exploitation walkthrough.