Writing
Security & Engineering Blog
Practical write-ups on red teaming, DevSecOps, web security hardening, and system design.
Red Team / Blue Team · 12 min
Kerberoasting From Both Sides: Attack Execution and Detection With Elastic SIEM
A deep dive into how Kerberoasting works under the hood, step-by-step execution against a lab AD environment, and the exact Sigma rules to detect it in production.
Active Directory, Kerberos, SIEM, Sigma, Red Team
DevSecOps · 10 min
Shift-Left Security: Building a Zero-Compromise CI/CD Pipeline With GitHub Actions
How I wired Semgrep, Trivy, OWASP ZAP, and OPA into a single GitHub Actions workflow that blocks PRs on security findings — without slowing down the team.
GitHub Actions, Semgrep, Trivy, OWASP ZAP, CI/CD
Web Security · 15 min
OWASP Top 10 for Next.js Apps: A Practical Hardening Checklist
Working through every OWASP Top 10 category with concrete Next.js / Node.js mitigations — from injection prevention to security logging and monitoring.
OWASP, Next.js, Web Security, Hardening