NovaDen

Archives

All the articles I've archived.

2026 18
June 2
  • Android Pentesting

    How Android apps are built (activities, intents, services, broadcasts), where the attack surface is, and the methodology for pentesting and reversing an APK.

  • Android Pentesting Cheat Sheet

    Quick-reference commands for Android pentesting: adb device interaction, apktool, APK signing, and jadx decompilation.

May 16
  • Git Foundations

    The mental model behind Git. The three areas, commits as snapshots, branches as pointers, HEAD, remotes, merge vs rebase, and the reflog.

  • DevSecOps Foundations

    What DevOps and DevSecOps actually are, why CI/CD matters, the tool categories you stitch together, and how SCA, SAST, DAST, IaC, CaC, and vulnerability management fit into a pipeline.

  • DevSecOps Cheat Sheet

    A growing quick-reference for DevSecOps pipeline jobs, the Docker-based scanner snippets I reach for, and the vulnerability-manager upload pattern.

  • Docker Cheat Sheet

    A growing quick-reference of the Docker commands I actually reach for, from running containers and building images to networks, volumes, Compose, and cleanup.

  • Git Cheat Sheet

    A growing quick-reference of the Git commands I actually reach for. Staging, branching, rebasing, undoing things, and recovering from a bad day.

  • Docker Foundations

    The mental model behind Docker. What containers actually are, how they differ from VMs, image layers, the Dockerfile, networking, volumes, and registries.

  • Linux Cheat Sheet

    A growing quick-reference of the Linux commands I actually reach for day to day, from navigation and search to processes, services, and packages.

  • SSH Foundations

    The mental model behind SSH. How the handshake works, host keys, public-key authentication, the agent, port forwarding, and why permissions matter.

  • SSH Cheat Sheet

    A quick-reference of the SSH commands I actually use, from key generation and copying through port forwarding, file transfer, jump hosts, and sshd hardening.

  • File Upload Vulnerabilities

    An overview of File Upload vulnerabilities, bypass techniques, and remediation strategies.

  • Information Disclosure Vulnerabilities

    An overview of Information Disclosure vulnerabilities, testing techniques, and remediation strategies.

  • NoSQL Injection

    An overview of NoSQL Injection types, identification techniques, and remediation strategies.

  • OS Command Injection

    An overview of OS Command Injection, detection techniques, exploitation methods, and remediation strategies.

  • Path/Directory Traversal

    An overview of Path/Directory Traversal vulnerabilities, exploitation techniques, and remediation strategies.

  • Server-Side Request Forgery (SSRF)

    An overview of Server-Side Request Forgery (SSRF) vulnerabilities, bypass techniques, and remediation strategies.

  • Web Cache Deception

    An overview of Web Cache Deception attacks, detection techniques, and remediation strategies.

2025 1
January 1
  • FTP

    What FTP is, how to enumerate it (vsFTPd config, anonymous access, server interrogation), and the attacks: brute-forcing, known-version exploits, the FTP bounce SSRF, web-app command injection, and credential sniffing.

2024 2
August 1
  • Penetration Testing Fundamentals

    What penetration testing is, the three engagement types (black, grey, white box), the domains you can test, and the process the work moves through.

January 1
  • Linux Foundations

    The mental model behind Linux. Components, distributions, filesystem hierarchy, the shell, paths, redirection, and the permissions system.