Articles, notes and interactive experiments.
I mix secure development, music, endless home lab tweaks and the technologies that power my projects.
-
CVE-2024-29041 only works on Safari?
Digging into the Chromium and Firefox source code to understand why the payload navigates to the malicious host on Safari but not on other browsers.
805 words · 4 min
CVE read article ↗ -
Express.js Open Redirect
How a backslash in a URL bypasses allowlists and fools the browser. A full breakdown of CVE-2024-29041 in Express.js with an interactive demo.
3,134 words · 16 min
CVE read article ↗ -
OWASP Top 10 Update
Top 10:2025 is not just a list. It reflects how misconfigurations, supply chain, exception handling, and operational failures are breaking real businesses.
1,896 words · 9 min
owasp read article ↗ -
Cmd+K for the AI Terminal
How to bring Cursor-style Cmd+K to any shell using an AI CLI as a suggester only.
937 words · 5 min
ai read article ↗ -
Open source site analytics
What I learned from self-hosting Tianji: PV/UV without cookies, campaigns, and reliability lessons.
1,113 words · 6 min
analytics read article ↗ -
Explorable Explanations
A curated list of interactive articles with animations, simulations, and visualizations that make complex topics visual, intuitive, and even fun to learn.
995 words · 5 min
InfoViz read article ↗ -
Cursor Rules and Secure Code Review
How to use Cursor Rules and checklists adapted to the project context to optimize security reviews in modern applications.
919 words · 5 min
security read article ↗ -
Top 5 Rust Vulnerabilities Created with AI
Summary of the 5 most common vulnerabilities in Rust applications, generated with AI support and based on RustSec data.
586 words · 3 min
rust read article ↗ -
Git Config by Core Devs
How core Git developers configure their defaults.
7 words · 1 min
git read article ↗ -
Avante.nvim + 1Password
Integrating Avante.nvim with 1Password.
662 words · 3 min
vim read article ↗ -
Creating KPIs for an AppSec Program
I share here my experiences and learnings about creating KPIs for application security, without magic formulas, but with practical insights that can help other professionals in the field.
785 words · 4 min
security read article ↗ -
Security for Developers
In 2020, I started developing a book about security for developers, inspired by other authors and aiming to help the community naturally incorporate security into the daily development workflow.
506 words · 3 min
security read article ↗ -
eBPF in Action
In this post, we’ll explore what eBPF is, why it’s ideal for Kubernetes clusters, and how it powers security and observability tools in DevOps.
534 words · 3 min
ebpf read article ↗ -
Threat Modeling Express: a fast start
How to engage the team, map critical assets, and ship controls quickly with Threat Modeling Express.
2,591 words · 13 min
Threat Modeling read article ↗ -
Misconfiguration Vulnerabilities in Reverse Proxies: A Comprehensive Guide
One of the technologies revolutionizing various markets that you need to know.
1,030 words · 5 min
reverse proxy read article ↗ -
Proxmox and Homelab
How I Transformed a Mini PC into a Respectable Server
568 words · 3 min
proxmox read article ↗ -
Python Injection
Demonstration of a Telegram bot written in Python with an injection vulnerability.
430 words · 2 min
owasp read article ↗ -
Devsec Links #10
Interesting links on the topic of secure development.
604 words · 3 min
DevSec read article ↗ -
Devsec Links #09
Interesting links on the topic of secure development.
584 words · 3 min
DevSec read article ↗ -
Devsec Links #08
Interesting links on the topic of secure development.
481 words · 2 min
DevSec read article ↗ -
Devsec Links #07
Interesting links on the topic of secure development.
434 words · 2 min
DevSec read article ↗ -
Devsec Links #06
Interesting links on the topic of secure development.
499 words · 2 min
DevSec read article ↗ -
Devsec Links #05
Interesting links on the topic of secure development.
589 words · 3 min
DevSec read article ↗ -
Devsec Links #04
Interesting links on the topic of secure development.
525 words · 3 min
DevSec read article ↗ -
Devsec Links #03
Interesting links on the topic of secure development.
687 words · 3 min
DevSec read article ↗ -
Devsec Links #02
Interesting links on the topic of secure development.
584 words · 3 min
DevSec read article ↗ -
Devsec Links #01
Interesting links on the topic of secure development.
593 words · 3 min
DevSec read article ↗ -
Basic Recon Automation Using GitHub Actions
Demonstration of how to use GitHub Actions to automate recon.
1,731 words · 9 min
owasp read article ↗ -
Hacktoberfest OWASP
Quick guide to contribute to OWASP projects during Hacktoberfest and secure your PRs.
402 words · 2 min
owasp read article ↗ -
Getting to Know OWASP
A brief introduction to OWASP and its projects
354 words · 2 min
owasp read article ↗ -
Writing Talks
Tips on structuring talks and turning them into articles.
591 words · 3 min
storytelling read article ↗ -
Unraveling Blockchain
One of the technologies revolutionizing various markets that you need to know.
1,305 words · 7 min
blockchain read article ↗