Field Notes
6 articles on offensive security, blockchain auditing, AI red-teaming, and OPSEC.
Building a Recon Pipeline with Subfinder, Httpx & Nuclei
How I automated asset discovery and vulnerability scanning into a single declarative NixOS-managed pipeline that runs on every scope update.
Jailbreaking LLMs with Garak — What Actually Works in 2026
A practical walkthrough of multi-turn prompt injection, role-play escalation, and token smuggling techniques tested against GPT-4o and Llama 3.
Reentrancy Attacks — From Classic to Cross-Function Variants
Deep dive into reentrancy patterns in Solidity, how Slither and Foundry fuzz tests catch them, and a real Code4rena finding walkthrough.
SIEM Alert Triage at Scale — Cutting False Positives by 60%
Lessons from building correlation rules, tuning Sigma detections, and using Python to auto-enrich alerts with threat intel feeds.
Declarative OPSEC — Managing a Kill-Switch WireGuard Setup with NixOS
How I use Home Manager and WireGuard to enforce a network kill-switch, compartmentalised identities, and reproducible security tooling.
SSRF to Internal AWS Metadata — A Bug Bounty Case Study
Step-by-step breakdown of chaining an open redirect with a blind SSRF to reach the EC2 metadata endpoint and escalate to credential theft.