Blog
Security research write-ups, vulnerability analysis, and technical notes.
CVE-2026-32593 | How a Single Regex Character Broke Winter CMS Security
Winter CMS, a Laravel-based content management system, had a critical SQL injection vulnerability in its backend filter widget. The issue stemmed from a regex that only checked for the presence of a digit, allowing attackers to inject malicious SQL. This post details the discovery, analysis, and remediation of CVE-2026-32593.
Read more →
LABx_Docs - Complete Setup Guide
A simple guide to set up your web security training environment
Read more →
Web Security Labs Part III
Walkthrough For Web Security Category In Cyber Talents Part 3
Read more →
Attacktive Directory | THM
99% of Corporate networks run off Active Directory. From this machine you will have a basic understanding on how to exploit such an environment.
Read more →
Web Security Labs Part II
Walkthrough For Web Security Category In Cyber Talents Part 2
Read more →
Web Security Labs Part I
Walkthrough For Web Security Category In Cyber Talents Part 1
Read more →