// blog

Writeups & Research

2026-05-20

Container Image Security Audit: Trivy in CI with Automated Issue Tracking

Vulnerability scanning workflow for a containerized PHP application using Trivy. Integration with GitHub Actions and auto-generated issues, CVE triage by severity and exploitability, and the base-image vs application-dependency split that drives remediation priorities.

2026-05-19

Full Attack Simulation: Metasploitable 2 from Recon to Root via CVE-2007-2447

End-to-end attack chain on Metasploitable 2. Network discovery with netdiscover, service enumeration with Nmap, exploitation of a critical Samba RCE, post-exploitation, and full Wireshark traffic analysis.

2026-05-18

SQL Injection Walkthrough: Retrieving Hidden Data with Burp Suite

A practical walkthrough of a PortSwigger Web Security Academy lab. Using Burp Suite Proxy and Repeater to bypass a filter and retrieve unreleased products via SQL injection in a WHERE clause.

2026-05-17

Nmap Fundamentals: A Practical Guide

A hands-on walkthrough of Nmap scanning techniques, from host discovery to service enumeration and script scanning.