Blog

Security breakdowns, tool reviews, journey updates, and everything I'm learning along the way.

2 min read · Critical

Ethernaut Level 2: One Character Typo, Millions Lost

How a constructor naming bug in Solidity let anyone claim ownership of a contract. A walkthrough of Ethernaut's Fallout challenge.

ethernaut, solidity, smart-contracts, +2
3 min read · Medium

What AI Audit Tools Catch vs What They Miss in Smart Contracts

Based on the EVMbench benchmark and my own experiments running Slither on Ethernaut solutions, here is what AI audit tools catch and what they miss.

smart-contracts, AI, slither, +1
3 min read · High

Ethernaut Level 1: How a receive() Function Hands Over Contract Ownership

A step-by-step walkthrough of the Ethernaut Fallback challenge. The contract looks secure through contribute(), but a weaker path in receive() lets anyone take control.

ethernaut, solidity, smart-contracts, +1
3 min read · Info

I Built a Pentest Cheatsheet. Here Is What Is In It.

A walkthrough of my 90+ command pentest cheatsheet covering 12 sections: recon, AD attack phases, privilege escalation, pivoting, credential cracking, and Web3 auditing.

cheatsheet, pentesting, tools, +1
3 min read · High

The 5 Active Directory Attacks Every Developer Should Understand

LLMNR poisoning, SMB relay, Kerberoasting, GPP attacks, and token impersonation explained with analogies and real commands.

active-directory, kerberoasting, LLMNR, +1
3 min read · Info

I Quit Studying Security for 3 Months. Here Is My Plan to Get Back on Track.

After 3 months of inactivity, I am rebooting my cybersecurity pivot with a structured 60-day plan. Here is exactly what I am doing and why.

career-switch, PNPT, study-plan