ɐʞsǝS
@trapdoorsec.com
1999→Dev→AppSec→Blue Team→GRC→Leadership→Even more appsec→Cat wrangling →Blogging→2025
https://linktr.ee/akses.null
https://linktr.ee/akses.null
Unsloppifying my avatar while waiting for Claude code to do menial tasks
December 26, 2025 at 12:28 PM
Unsloppifying my avatar while waiting for Claude code to do menial tasks
She's looking at the arrival of Tailwind-SQL and a contemplating a whole new SQLi in HTML bug class
December 21, 2025 at 9:40 AM
She's looking at the arrival of Tailwind-SQL and a contemplating a whole new SQLi in HTML bug class
Me: "I'll just root this HTB machine before dinner"
CodePartTwo: "yeah nah"
Well-designed box feels like actual enterprise security - a series of seemingly innocent misconfigurations that build on each other leading to full system compromise.
CodePartTwo: "yeah nah"
Well-designed box feels like actual enterprise security - a series of seemingly innocent misconfigurations that build on each other leading to full system compromise.
November 26, 2025 at 10:23 AM
Me: "I'll just root this HTB machine before dinner"
CodePartTwo: "yeah nah"
Well-designed box feels like actual enterprise security - a series of seemingly innocent misconfigurations that build on each other leading to full system compromise.
CodePartTwo: "yeah nah"
Well-designed box feels like actual enterprise security - a series of seemingly innocent misconfigurations that build on each other leading to full system compromise.
Welp, time to put this in the security training
November 26, 2025 at 6:31 AM
Welp, time to put this in the security training
20 years in AppSec, visualized.
OWASP Top 10: 2004 version 2 vs 2025 version RC8
What changed?
Buffer overflows mostly gone (memory-safe languages)
XSS declined (framework protections)
Injection evolved but persists
Supply chain attacks emerged
Broken Access Control now #1
OWASP Top 10: 2004 version 2 vs 2025 version RC8
What changed?
Buffer overflows mostly gone (memory-safe languages)
XSS declined (framework protections)
Injection evolved but persists
Supply chain attacks emerged
Broken Access Control now #1
November 25, 2025 at 1:18 PM
20 years in AppSec, visualized.
OWASP Top 10: 2004 version 2 vs 2025 version RC8
What changed?
Buffer overflows mostly gone (memory-safe languages)
XSS declined (framework protections)
Injection evolved but persists
Supply chain attacks emerged
Broken Access Control now #1
OWASP Top 10: 2004 version 2 vs 2025 version RC8
What changed?
Buffer overflows mostly gone (memory-safe languages)
XSS declined (framework protections)
Injection evolved but persists
Supply chain attacks emerged
Broken Access Control now #1
Goes completely unreported in some news sources at the moment, (e.g. Breitbart) however the outlets that do report it, appear united in condemning the violence, just pushing slightly different narratives. via ground.news...
December 21, 2024 at 12:50 AM
Goes completely unreported in some news sources at the moment, (e.g. Breitbart) however the outlets that do report it, appear united in condemning the violence, just pushing slightly different narratives. via ground.news...
Game dev workstation turned into the game soundtrack production dept. last night
December 5, 2024 at 10:21 AM
Game dev workstation turned into the game soundtrack production dept. last night
Just know that whenever you say you’re skeeting, what goes through my brain is Skeet Ulrich in a horror movie
December 1, 2024 at 4:30 AM
Just know that whenever you say you’re skeeting, what goes through my brain is Skeet Ulrich in a horror movie
Here’s a skill tree backdrop concept I’m working on
November 30, 2024 at 5:31 PM
Here’s a skill tree backdrop concept I’m working on
Say it ain’t so! You mean… absolute power… corrupts absolutely? No way!
November 15, 2024 at 11:20 PM
Say it ain’t so! You mean… absolute power… corrupts absolutely? No way!
Fun fact: you can have spaces in F# method names. This may or may not be useful for obfuscating dotnet binaries
November 13, 2024 at 8:53 AM
Fun fact: you can have spaces in F# method names. This may or may not be useful for obfuscating dotnet binaries
One attempt to get the input force wrong, one attempt to get the orientation incorrect, one attempt to correct both…
…and in the darkness bind them…
…they are truly the work of an evil and malevolent force.
…and in the darkness bind them…
…they are truly the work of an evil and malevolent force.
November 11, 2024 at 3:21 PM
One attempt to get the input force wrong, one attempt to get the orientation incorrect, one attempt to correct both…
…and in the darkness bind them…
…they are truly the work of an evil and malevolent force.
…and in the darkness bind them…
…they are truly the work of an evil and malevolent force.
