Blog

Bypassing Quotes Filters: String.fromCharCode() to the Rescue

December 20, 2025 2 min read

Learn how String.fromCharCode() can bypass filters that remove quotes, and why filtering specific characters isn't enough for XSS protection

security xss web-security ctf string-fromcharcode filter-bypass

Building llmsh: Natural Language Commands for the Terminal

December 19, 2025 6 min read

How I built a zsh plugin that transforms natural language into shell commands using Ollama and fzf, making terminal workflows faster and more intuitive

devops automation terminal zsh llm tooling

Bypassing Parentheses Filters: Template Literals to the Rescue

XSS Series - Part 5

December 19, 2025 3 min read

Learn how JavaScript template literals can bypass filters that remove parentheses, and why filtering specific characters isn't enough for XSS protection

security xss web-security ctf template-literals filter-bypass

Bypassing Filters with JSFuck: When Character Restrictions Aren't Enough

XSS Series - Part 4

December 18, 2025 6 min read

Learn how JSFuck can bypass filters that remove alphanumeric characters, and why simple character filtering is insufficient for XSS protection

security xss web-security ctf jsfuck filter-bypass

Persistent XSS Through APIs: A Practical Analysis

XSS Series - Part 3

December 17, 2025 9 min read

Exploring how persistent XSS vulnerabilities can be exploited through API endpoints and how to prevent them

security xss api injection owasp

Learning XSS Through Practice: Baby Challenge Walkthrough

XSS Series - Part 2

December 16, 2025 8 min read

A beginner-friendly walkthrough of three XSS challenges that teach you exactly what Cross-Site Scripting is and how it works through hands-on practice

security xss web-security ctf learning beginner

Understanding XSS: Cross-Site Scripting Basics

XSS Series - Part 1

December 15, 2025 19 min read

A comprehensive introduction to Cross-Site Scripting (XSS) attacks, covering types, techniques, and defense strategies

security xss web-security owasp javascript

Route Discovery in SPAs: Security Testing with Headless Browsers

November 28, 2025 7 min read

Building a custom tool for discovering hidden routes in Single Page Applications using headless browser automation

security spa reconnaissance selenium automation owasp

Understanding Brute Force Attacks: From Theory to Practice

November 10, 2025 8 min read

A practical guide to brute force attacks, demonstrating exploitation techniques and mitigation strategies using OWASP Juice Shop

security brute-force authentication python owasp

Getting Started with Web Security Testing

July 15, 2025 4 min read

Personal introduction to web security testing and the OWASP Juice Shop learning journey

security learning owasp introduction