From DevOps to DevSecOps: Practical Lessons from the Trenches
March 9, 2026
How a hands-on DevSecOps certification and several real projects – Python tasks, a Django shop, APIs and infrastructure automation – changed the way I think about security.
March 2026
Graylog AI Summary: Daily error and security log summaries via Ollama
March 8, 2026
Why a daily LLM digest beats static alerts, and how graylog-ai-summary turns Graylog logs into a short report in Telegram or Slack
vaultsh: CLI Wrapper for HashiCorp Vault
HashiCorp Vault - Part 4March 8, 2026
A standalone CLI wrapper that bundles common Vault admin tasks: OIDC login, session checks, KV read/write, and diagnostics, with native Python menus (arrow keys, shortcuts)
Ansible Vault Password from HashiCorp Vault – Wrapper Script
HashiCorp Vault - Part 3March 7, 2026
How I use a wrapper script to pull the Ansible Vault password from HashiCorp Vault so I don't keep it locally while migrating repos to Vault
Deploying HashiCorp Vault with Ansible
HashiCorp Vault - Part 2March 6, 2026
How I deploy a Vault instance with Ansible – reproducible, documented, and ready for your first secrets
What is HashiCorp Vault?
HashiCorp Vault - Part 1March 6, 2026
An introduction to HashiCorp Vault: what it is, what it does, and how the concept of centralised secrets management is meant to work
December 2025
Bypassing Quotes Filters: String.fromCharCode() to the Rescue
XSS Series - Part 6December 20, 2025
Learn how String.fromCharCode() can bypass filters that remove quotes, and why filtering specific characters isn't enough for XSS protection
Building llmsh: Natural Language Commands for the Terminal
December 19, 2025
How I built a zsh plugin that transforms natural language into shell commands using Ollama and fzf, making terminal workflows faster and more intuitive
Bypassing Parentheses Filters: Template Literals to the Rescue
XSS Series - Part 5December 19, 2025
Learn how JavaScript template literals can bypass filters that remove parentheses, and why filtering specific characters isn't enough for XSS protection
Bypassing Filters with JSFuck: When Character Restrictions Aren't Enough
XSS Series - Part 4December 18, 2025
Learn how JSFuck can bypass filters that remove alphanumeric characters, and why simple character filtering is insufficient for XSS protection
Persistent XSS Through APIs: A Practical Analysis
XSS Series - Part 3December 17, 2025
Exploring how persistent XSS vulnerabilities can be exploited through API endpoints and how to prevent them
Learning XSS Through Practice: Baby Challenge Walkthrough
XSS Series - Part 2December 16, 2025
A beginner-friendly walkthrough of three XSS challenges that teach you exactly what Cross-Site Scripting is and how it works through hands-on practice
Understanding XSS: Cross-Site Scripting Basics
XSS Series - Part 1December 15, 2025
A comprehensive introduction to Cross-Site Scripting (XSS) attacks, covering types, techniques, and defense strategies
November 2025
Route Discovery in SPAs: Security Testing with Headless Browsers
November 28, 2025
Building a custom tool for discovering hidden routes in Single Page Applications using headless browser automation
Understanding Brute Force Attacks: From Theory to Practice
November 10, 2025
A practical guide to brute force attacks, demonstrating exploitation techniques and mitigation strategies using OWASP Juice Shop