Exploits
Every system has cracks.
Some are born of bad code, others of bad assumptions.
This section is where I learn to find them — and understand what keeps them from healing.
What belongs here
- XSS → injecting scripts into trusted spaces to hijack logic, steal data, or deface.
- Hardcoded Secrets → left for the taking, and a very common cause of broken cryptography.
- IDOR → broken access controls that let users reach what they shouldn’t.
- SQLi → manipulating queries to extract, modify, or destroy data.
- SSRF → turning servers into unwitting proxies.
Each exploit is studied in full:
- What it is
- How it works
- How to exploit it
- How to defend against it
Why exploits matter to me
Exploits aren’t just tricks, they’re lessons.
They show where trust breaks, where logic fails, and where assumptions become liabilities.
To understand them is to understand the shape of risk.
To master them is to become fluent in the language of failure and resilience.
How I’ll use this space
This isn’t a trophy case of payloads.
It’s a growing map of how systems fall apart and how they can be rebuilt stronger.
Some entries will be clean: diagrams, examples, mitigations.
Others will be raw: notes from labs, failed attempts, half-baked ideas.
The mix exists because that is the process of learning,
and because exploits aren’t static, and neither is the mind that studies them.