ブログ

blog

writeups from four primary tracks. lowercase, on purpose.

6 posts
  1. 25 may 2026
    cybersecurity

    from three years of sales to junior pentester — notes from a career pivot

    i spent three years in sales while training for a different career on the side. here's what worked, what i'd have done differently, and what the first months out of the old job actually look like.

  2. 18 may 2026
    home lab

    building a personal second brain with obsidian and claude code

    a persistent, citation-linked knowledge base where i curate the sources and an llm agent does the reading, summarising, and bookkeeping. here's the architecture, the rules, and what i've learned six months in.

  3. 10 may 2026
    full-stack

    from php and bootstrap to next.js and tailwind

    i learned to build with php, mysql, and bootstrap. i'm building my portfolio on next.js, prisma, and tailwind. this is the honest version of why — without the usual 'php is dead' cliché.

  4. 2 may 2026
    full-stack

    php patterns that actually hold up under a pentest

    i spent the back half of a two-year program writing php, then the front half breaking php apps. here are the patterns that survived the second half — and the ones that didn't.

  5. 22 april 2026
    cybersecurity

    zap fuzzer vs burp intruder for anti-csrf token brute-force

    burp is the default, but when the login form rotates a csrf token on every request, owasp zap's fuzzer handles it more cleanly. here's the trade-off and the configuration that worked.

  6. 15 april 2026
    cybersecurity

    from one sql injection to a root shell on bwapp

    a walk through the kill chain that anchored my capstone — a single error-based sqli that ended in a root shell via credential reuse and a webdav upload.