Debunking API Security Myths
I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most common API security myths. From…
Category: Mix
How to identify the origin IP
Most of your targets often resort to using content delivery networks (CDNs) or other anti-DDoS reverse proxies to mask their origin IP, protecting the origin…
Getting a Shell on the LAU-G150-C Optical Network Terminal
Optical Network Terminals (ONTs) are devices that convert fiber optic signals to Ethernet signals that can be handled by typical routers. As the connection between…
Self-Contained TypeScript Programs Using Bun
Bun’s auto-install feature If you hate Python as much as me it’s probably because of dependencies. Roughly 23-319% of the time, when I run a…
Building a Personal AI Infrastructure (PAI)
I have a bunch of ideas I want to share here, but let me first start with what I’m doing overall. A mission reminder My…
I Built a Claude Code Pop Menu Inside of Neovim
Kai: AI-powered coding in Neovim (click for full size) I use LazyVim, btw. lol I’ve been using AI to help with coding for a while…
Search in Zola: Fuse.js vs. Elasticlunr.js
Comparing Fuse.js and Elasticlunr.js for Zola’s client-side search. Learn which library suits your static site’s needs. Zola is a fast and lightweight static site generator.…
Remote Code Execution in Microsoft SharePoint (CVE-2025-53770) — API Security
On July 19, 2025, a critical remote code execution (RCE) vulnerability (CVE-2025-53770, also referred to as ToolShell) was publicly disclosed, impacting on-premises Microsoft SharePoint Server…
AI Lets You Do Way More Stuff
When it comes to AI, people are often in one of two camps: They’re freaking out about AI and it’s capabilities They can’t understand why…
![[tl;dr sec] #289 - AI-powered Fuzzing, Incentives in Security, Malware in DNS](https://image.cybernoz.com/wp-content/uploads/2025/07/tldr-sec-289-AI-powered-Fuzzing-Incentives-in-Security-Malware.png)
[tl;dr sec] #289 – AI-powered Fuzzing, Incentives in Security, Malware in DNS
Building My Custom AI Therapist This week I played around with building my own custom AI therapist, and found it offered surprisingly direct and…
Andrew Storms on Trust, AI, and Why CISOs Need to Be Optimists — API Security
Andrew Storms, VP of Security at Replicated, has spent three decades on the frontlines of cybersecurity. From building Unix systems in the early ‘90s to…
Happiness, Struggle, and Options
I think a lot about why people aren’t happy. I’m reading a book now by Bertrand Russell that offers a compelling theory: Modern people are…