Technical Blog
A space dedicated to raw technical analysis, unadulterated vulnerability research breakdowns, and thoughts on making the digital ecosystem fundamentally harder to compromise.
For direct notifications on new content drops seamlessly, check out my external platforms below.
The Story of CVE-2025-14598
A deep technical breakdown of discovering a critical Remote Code Execution vulnerability in a massive educational ERP platform. I document the entire process from initial SQLi reconnaissance to exploiting backend databases, and ultimately mitigating the threat across 100+ institutions via CERT/CC.
Read on Medium ↗Building Unhackable Websites
Exploring the paradigm of zero-dependency and zero-Javascript architecture. How ripping out modern backend complexity structurally eradicates 90% of your OWASP attack surface implicitly, eliminating XSS and standard payload vectors at the root layer.
View Concepts ↗The Portable Privacy Fortress
Step-by-step documentation on architecting your own amnesic, live-boot workstation on an encrypted portable USB. Designed purely for analysts operating entirely off-the-grid or in inherently hostile enterprise environments.
View Guide ↗Introducing SifrSec: Deciphering Cybersecurity
A formal announcement of the SifrSec project. Roadmaps, hardware hacking, rigorous incident response methodologies, and vulnerability research packaged strictly for real practitioners who despise fluff and marketing noise. Let's elevate the community baseline.
Visit SifrSec ↗