/root/jankesec :: pentest + vuln research
Notes from the unauthorized-looking side of authorized research.
Field logs for web application pentesting, vulnerability research, exploitability boundaries, and practical validation without the conference gloss.
Latest Drops
Write-ups, methodology notes, and vulnerability analysis from the lab.
Weaponizing Secure Email Gateways: When the Sandbox Clicks for the Attacker
When the SEG's sandbox click triggers real actions, the defender becomes the attacker's proxy.
Vulnerability Research · From Zero to Root: Automating the Logsign Pre-Auth RCE Chain in Metasploit · Jun 10, 2026 · 6 min read
Vulnerability Research · The Convergence: How Supply Chain Attacks Became Ransomware's Favorite Delivery Vehicle · Jun 9, 2026 · 6 min read
Vulnerability Research · Inside the Machine: A Technical Anatomy of the 2025 Ransomware Ecosystem · Jun 8, 2026 · 9 min read
Vulnerability Research · Mapping the Adversary: A Technical Profile of the 2025 APT Landscape · Jun 7, 2026 · 9 min read
Operating Areas
Precise, repeatable notes for work that happens below the glossy layer.
WEB_INTRUSION_NOTES: Authentication, authorization, business logic, client-side flaws, and API attack paths.
VULN_RESEARCH: Root-cause notes, variant analysis, exploitability boundaries, and patch diffing.
EXPOSURE_MAPS: Asset discovery, cloud-native misconfiguration, identity paths, and external attack surface.
FIELD_LOGS: Reusable checklists, heuristics, tooling workflows, and lessons from authorized testing.
Index
Browse the archive by lane
Disclosure Discipline
Dark interface. Clean rules.
Posts avoid weaponized shortcuts and focus on methodology, root cause, validation, and defensive clarity. Sensitive details can be delayed, reduced, or generalized.