Preface: The Crack Between Philosophy and Execution First half of 202x. When the group’s penetration test report stated, “SQL Injection possible in WAF-unprotected section,” the CISO was silent for a while. The report was blunt, the attack was classic, and there was no defense. “Was I wrong? Or did they misunderstand my intention…?” The CISO was a leader of strong conviction. He believed that with a strategy of “IPS + security by design,” it was possible to build a system robust enough to forgo WAF deployment. In fact, for years, this strategy contributed to the organization’s threat detection and incident prevention. ...
🔥 A Mind That Dissects Systems
🔥 Trust and Culture Beyond Technology
🔥 Code That Fixes, Not Just Runs
The Limitations of 'Secure' SSRF Patches: Advanced Bypasses and Defense-in-Depth
No Silver Bullet: Folklore & Modern Meaning The phrase “no silver bullet” originated in European folklore, where silver bullets were believed to be uniquely effective against supernatural creatures like werewolves or vampires. The earliest documented use appears in Walter Scott’s 1816 Tales of My Landlord, and historical cases such as the 1765 Beast of Gévaudan reference silver bullets as a last resort against mysterious threats. Over time, the expression evolved: today, “no silver bullet” means there is no single, simple solution to complex problems—a message popularized in software engineering by Fred Brooks’ 1986 essay. This post applies that lesson to SSRF defense: beware of one-size-fits-all fixes, and look deeper than folklore or quick patches. ...
Exception Serialization Patterns in OpenStack Nova: Theoretical RCE Risks and Lessons Learned
Analysis of potential Remote Code Execution vulnerability in OpenStack Nova’s exception serialization mechanism, including multiple PoC scenarios and defense recommendations.
Endpoint Evasion Techniques (2020–2025): The Evolution of Attacks Bypassing EDR
This post analyzes the evolution of endpoint evasion techniques from 2020 to 2025. It covers BYOI, BYOVD, DLL hijacking, service tampering, and other sophisticated methods attackers use to bypass EDR and AV. Real-world ransomware cases and vendor impact are discussed, along with defensive insights.
SPOF in Cybersecurity: From History to Strategy, a Graph-Based Analysis
Analyzing the threat of Single Points of Failure (SPOF) through historical examples and graph theory, this piece presents a strategic approach to identifying and mitigating structural weaknesses in cybersecurity infrastructures.
Dicer Module Vulnerability Mitigation Guide: CVE-2022-24434
This guide analyzes a vulnerability in the Dicer module indirectly affecting Multer, and provides a practical mitigation strategy. It serves as a real-world example of dealing with unmaintained open source dependencies.
How I Managed Unmaintained Open Source with Gmail and Snyk Alerts
When API access falls short, automation through Gmail and Apps Script becomes essential. Here’s how I used Google Apps Script to collect Snyk vulnerability alerts and patch data automatically.
Human Insight and Artificial Intelligence: Dialogue at an Impossible Crossroads
Can AI achieve enlightenment? This article explores the asymmetric nature of human insight and machine repetition, outlining technical conditions that might allow for a reflective AI—and the philosophical limits it must face.
Detection Frameworks and Latest Methodologies for eBPF-Based Backdoors
This article analyzes the rise of backdoors and rootkits exploiting eBPF, the detection challenges they pose, and comprehensively summarizes the latest countermeasures and research trends (2023–2025), including Tracee, LKRG, bpftool, and hypervisor-based auditing.
In-Depth Report on Telecommunication Security: SKT Breach and Global Case Studies
An in-depth analysis focusing on the 2025 SKT breach, the core security structures of telecom infrastructure, and historical global incidents (Gemalto, APT10, Circles). Also covers subscriber authentication (Ki, SUPI/SUCI) and security differences between 5G SA and NSA.