BLOG

Deep dives • Bug bounties • Practical pentesting

STIG, NIST and ISO

Jan 14, 2026 • 12 min read • STIG Frameworks

The Holy Trinity of Not Getting Hacked (Or At Least Looking Like You Care)


Responsible Disclosure: SQL Injection (Sanitized)

Nov 8, 2025 • 6 min read • Web Security SQLi

A vendor-safe case study of a discovered SQL Injection in a public endpoint. This post contains sanitized PoC notes, safe reproduction steps for developers, and remediation guidance using prepared statements. Screenshots are redacted for privacy.


Starter Toolkit for Web App Pentesting (2025)

Nov 3, 2025 • 5 min read • Toolkit OWASP

A compact, high-efficiency toolkit for real engagements: Burp Suite, nmap, gobuster, Nikto, and custom Bash scripts for recon. I explain when to use each and provide quick config tips.


What are Botnets

Nov 20, 2025 • 12 min read • Botnet DDoS

Bots or zombies? A simple explanation of how botnets work and how attackers use them.


Underrated-tools

Dec 24, 2025 • 13 min read • Tools HIDS

Look, we all know about Metasploit, Burp Suite, and Nmap. They're the "popular kids" of the cybersecurity world—everyone talks about them, everyone uses them, and honestly? They get all the attention they deserve. But here's the thing: the real gems are hiding in plain sight, gathering dust in GitHub repositories while everyone's busy flexing their Kali Linux boxes.


What is IDOR?

Nov 18, 2025 • 9 min read • IDOR Authorization

IDOR (or BOLA) explained with simple examples and real‑world scenarios.


Naabu Complete Usage

Nov 18, 2025 • 9 min read • Naabu Ports

A complete beginner‑friendly guide to Naabu for fast port scanning.


Nuclei Full Usage

Nov 20, 2025 • 11 min read • Nuclei Automation

A detailed walkthrough of Nuclei templates, flags, and real usage.


Dirsearch — Zero to Hero

Nov 17, 2025 • 8 min read • Dirsearch Directories

Learn directory enumeration with full commands and use‑cases.


Nmap Essentials

Nov 18, 2025 • 7 min read • Nmap Scanning

Key flags, scripts, and workflows for network scanning.


What is Path Traversal

Nov 20, 2025 • 8 min read • Path Traversal File Access

Clear explanation of `../` attacks with safe examples.


httpx Essentials

Nov 20, 2025 • 7 min read • httpx Live Hosts

Fast host probing and automation for recon workflows.


Subfinder Zero‑to‑Hero

Nov 19, 2025 • 7 min read • Subfinder Discovery

Passive subdomain enumeration explained in simple words.


Reflected XSS — Responsible Disclosure

Nov 9, 2025 • 5 min read • XSS Web Security

A safe, redacted XSS discovery explained step‑by‑step.


How I Found a (Sanitized) SQLi in a Search API

Nov 7, 2025 • 6 min read • Web Security SQLi

A safe SQLi discovery walkthrough with remediation steps.
