I break down scary security topics so you don't have to be scared.
A cybersecurity blog from the learner's perspective. Hands-on breakdowns with real terminal output, diagrams, and zero gatekeeping.
Starting Nmap 7.94 ( https://nmap.org )
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.9
80/tcp open http Apache 2.4.52
443/tcp open ssl/http Apache 2.4.52
/admin (Status: 403) [Size: 277]
/login (Status: 200) [Size: 1234]
/api (Status: 301) [Size: 312]
Latest posts
Ethernaut Level 2: One Character Typo, Millions Lost
How a constructor naming bug in Solidity let anyone claim ownership of a contract. A walkthrough of Ethernaut's Fallout challenge.
What AI Audit Tools Catch vs What They Miss in Smart Contracts
Based on the EVMbench benchmark and my own experiments running Slither on Ethernaut solutions, here is what AI audit tools catch and what they miss.
Ethernaut Level 1: How a receive() Function Hands Over Contract Ownership
A step-by-step walkthrough of the Ethernaut Fallback challenge. The contract looks secure through contribute(), but a weaker path in receive() lets anyone take control.
I Built a Pentest Cheatsheet. Here Is What Is In It.
A walkthrough of my 90+ command pentest cheatsheet covering 12 sections: recon, AD attack phases, privilege escalation, pivoting, credential cracking, and Web3 auditing.
Tools I work with
The Security Breakdown
Get The Security Breakdown newsletter. One email per week. No spam.
About me
I'm Maharshi Mishra. I spent 2.5 years as a Developer Advocate at MetaMask, then moved to Yellow Network to lead developer experience for the Nitrolite Protocol (ERC-7824). Now I'm pivoting into offensive security, studying for PNPT and PT1, and writing about everything I learn along the way.