https://1392081456.github.io/2026/05/26/cve-to-sigma-30min/ 2026-05-26T09:00:00+08:00 https://1392081456.github.io/2026/05/26/pwn-to-falco-rules/ 2026-05-26T16:30:00+08:00 https://1392081456.github.io/2026/05/27/adversarial-ml-to-atlas/ 2026-05-27T09:30:00+08:00 https://1392081456.github.io/2026/05/28/geoserver-cve-2024-36401-anatomy/ 2026-05-28T10:00:00+08:00 https://1392081456.github.io/2026/05/28/picking-cves-detection-triage/ 2026-05-28T10:00:00+08:00 https://1392081456.github.io/2026/05/29/three-2024-cves-detection-signal-quality/ 2026-05-29T10:00:00+08:00 https://1392081456.github.io/2026/05/30/testing-four-axis-rubric-against-nexus-4956/ 2026-05-30T10:00:00+08:00 https://1392081456.github.io/2026/06/02/23-vulhub-labs-three-things-i-would-redo/ 2026-06-02T10:00:00+08:00 https://1392081456.github.io/2026/06/05/tricking-ai-scanners-indirect-prompt-injection/ 2026-06-05T09:30:00+08:00 https://1392081456.github.io/2026/06/06/four-ways-llm-apps-turn-data-into-actions/ 2026-06-06T09:30:00+08:00 https://1392081456.github.io/2026/06/07/18-sqli-labs-from-tautologies-to-oob/ 2026-06-07T09:30:00+08:00 https://1392081456.github.io/2026/06/09/web-cache-deception-five-labs/ 2026-06-09T09:30:00+08:00 https://1392081456.github.io/2026/06/10/csrf-tokens-do-not-prove-user-intent/ 2026-06-10T09:30:00+08:00 https://1392081456.github.io/2026/06/11/entity-resolution-is-a-file-and-network-boundary/ 2026-06-11T09:30:00+08:00 https://1392081456.github.io/2026/06/12/ssrf-is-a-network-position-bug/ 2026-06-12T09:30:00+08:00 https://1392081456.github.io/2026/06/13/xss-is-a-parser-boundary-problem/ 2026-06-13T09:30:00+08:00 https://1392081456.github.io/2026/06/14/csrf-is-a-state-transition-bug/ 2026-06-14T09:30:00+08:00 https://1392081456.github.io/2026/06/15/dom-bugs-live-in-the-browser-runtime/ 2026-06-15T09:30:00+08:00 https://1392081456.github.io/2026/06/16/cors-is-not-authorization/ 2026-06-16T09:30:00+08:00 https://1392081456.github.io/2026/06/17/request-smuggling-is-a-parser-disagreement/ 2026-06-17T09:30:00+08:00 https://1392081456.github.io/2026/06/18/blind-command-injection-is-a-channel-problem/ 2026-06-18T09:30:00+08:00 https://1392081456.github.io/2026/06/19/ssti-is-context-first/ 2026-06-19T09:30:00+08:00 https://1392081456.github.io/2026/06/20/path-traversal-is-a-canonicalization-bug/ 2026-06-20T09:30:00+08:00 https://1392081456.github.io/2026/06/21/authorization-is-not-a-route-name/ 2026-06-21T09:30:00+08:00 https://1392081456.github.io/2026/06/22/authentication-bugs-are-state-machine-bugs/ 2026-06-22T09:30:00+08:00 https://1392081456.github.io/2026/06/23/websocket-security-starts-at-the-handshake/ 2026-06-23T09:30:00+08:00 https://1392081456.github.io/2026/06/24/a-return-address-is-a-partially-known-pointer/ 2026-06-24T09:30:00+08:00 https://1392081456.github.io/2026/06/24/web-cache-poisoning-is-a-key-boundary-bug/ 2026-06-24T09:30:00+08:00 https://1392081456.github.io/2026/06/25/deserialization-restores-code-paths/ 2026-06-25T09:30:00+08:00 https://1392081456.github.io/2026/06/26/information-leaks-are-missing-exploit-parameters/ 2026-06-26T09:30:00+08:00 https://1392081456.github.io/2026/06/27/business-logic-bugs-are-broken-invariants/ 2026-06-27T09:30:00+08:00 https://1392081456.github.io/2026/06/28/host-is-routing-metadata/ 2026-06-28T09:30:00+08:00 https://1392081456.github.io/2026/06/29/oauth-security-is-binding/ 2026-06-29T09:30:00+08:00 https://1392081456.github.io/2026/06/30/file-upload-is-a-four-stage-boundary/ 2026-06-30T09:30:00+08:00 https://1392081456.github.io/2026/07/01/jwt-security-is-verification-policy/ 2026-07-01T09:30:00+08:00 https://1392081456.github.io/2026/07/02/targeted-scanning-is-a-manual-testing-tool/ 2026-07-02T09:30:00+08:00 https://1392081456.github.io/2026/07/03/prototype-pollution-is-property-lookup-abuse/ 2026-07-03T09:30:00+08:00 https://1392081456.github.io/2026/07/04/graphql-security-is-schema-and-transport-control/ 2026-07-04T09:30:00+08:00 https://1392081456.github.io/2026/07/05/race-conditions-are-state-transition-bugs/ 2026-07-05T09:30:00+08:00 https://1392081456.github.io/2026/07/06/nosql-injection-is-query-shape-injection/ 2026-07-06T09:30:00+08:00 https://1392081456.github.io/2026/07/07/api-testing-is-contract-drift-hunting/ 2026-07-07T09:30:00+08:00 https://1392081456.github.io/2026/07/08/reverse-engineering-is-model-recovery/ 2026-07-08T09:30:00+08:00 https://1392081456.github.io/2026/07/09/constrained-shellcode-is-interface-design/ 2026-07-09T09:30:00+08:00 https://1392081456.github.io/2026/07/10/modern-mitigation-bypass-is-leak-chaining/ 2026-07-10T09:30:00+08:00 https://1392081456.github.io/about/ https://1392081456.github.io/ https://1392081456.github.io/topics/