Writing
Bylined posts on the ProjectDiscovery blog, older bug-bounty writeups on Medium, and notes published here — one list, newest first.
all writing
Building for humans and agents
A colophon-style note on why this site renders every page twice — once as HTML for people, once as plain markdown for agents — and what that has to do with the observability work I actually do all day.
Benchmarking Neo's Black-Box DAST Capabilities (external)
Neo scores 51/60 (85%) on Argus under a hardened black-box methodology — the first public marker of the shift to AI-security research.
Introducing the httpx dashboard (external)
A hosted view over httpx scan output, built on the PDCP dashboard.
Fuzzing for Unknown Vulnerabilities with Nuclei v3.2 (external)
A walkthrough of v3.2's fuzzing engine, built to surface unknown vulnerability classes rather than known signatures.
Scanning Login-Protected Targets with Nuclei v3.2 (external)
Using v3.2's authenticated-scanning support to run templates against targets that sit behind a login.
Nuclei v3.2 Release with Authenticated Scanning, Advanced Fuzzing & more (external)
Authenticated scanning, advanced fuzzing, and ECDSA template signing land in v3.2.
Introducing Nuclei v3 (external)
A rewrite of Nuclei's execution core: the new Go SDK, the JavaScript scripting engine, and multi-protocol templates.
How I Got Access to a Company's Auth0 Management API (external)
A leaked Management API token that exposed roughly 300 users' data.
Introducing Alterx: Efficient Active Subdomain Enumeration with Patterns (external)
Why pattern-based subdomain permutation beats a static wordlist, and how Alterx's DSL generates candidates for active enumeration.
How I Found a Company's Internal S3 Bucket with 41k Files (external)
Three misconfigured S3 buckets on one target, one holding roughly 41k files (23.6 GB) including a database backup.
Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (external)
Part 1 (linked) of a three-part series on Talosplus, the Go recon-automation framework built to replace ad-hoc bash scripts.