Roman Romanenco
6-Step Blueprint for a Winning Product Strategy
In the bustling alleys of the business world, a product strategy is akin to a GPS, guiding a product’s development and launch with finesse…
3 min read · Sep 6, 2023

Roman Romanenco
How I automate authenticated API security testing
This is a short & simple post about automating the dynamic application security testing (DAST) of a service API. Usually performed as part…
2 min read · Oct 26, 2022

Roman Romanenco in Coinmonks
Register and prosper with Web3 domains
Web3 has been on fire this past year, we’re witnessing an emerging sector of innovation in its infancy. Similar to the rise of Web2…
4 min read · May 1, 2022

Roman Romanenco in CodeX
Common ransomware delivery and cost effective proactive defense
We as security practitioners often remind others, good cyber hygiene and best practices in security controls will go a long way in…
6 min read · Apr 27, 2022

Roman Romanenco in CodeX
Deconstructing the ransomware kill chain
By design ransomware is a relatively “noisy” form of malware and its kill chain presents multiple opportunities for network defenders to…
4 min read · Apr 6, 2022

Roman Romanenco
CISSP: Mile Long, Inch Deep…
Back in 2017 I sat and passed my CISSP exam, it was my first year practicing cyber security. At some point in my early career I decided…
3 min read · Mar 24, 2022

Roman Romanenco
Tunnel traffic through jump host
Tunnel traffic through a compromised jump host to reach otherwise unreachable internal networks or hosts (pivot).
2 min read · Jan 18, 2021

Roman Romanenco
Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020-9484)
a niche condition to trigger remote code execution via deserialization on Apache Tomcat
3 min read · Nov 11, 2020

Roman Romanenco
HTB Buff — [writeup]
Buff is a Windows machine rated as “Easy” on HackTheBox weighed toward CVEs. Webshells, file transfers and SSH tunnel port forwarding.
3 min read · Aug 31, 2020