Roman Romanenco: 6-Step Blueprint for a Winning Product Strategy
In the bustling alleys of the business world, a product strategy is akin to a GPS, guiding a product’s development and launch with finesse…
Sep 6, 2023

Roman Romanenco: How I automate authenticated API security testing
This is a short & simple post about automating the dynamic application security testing (DAST) of a service API. Usually performed as part…
Oct 26, 2022

Roman Romanenco in Coinmonks: Register and prosper with Web3 domains
Web3 has been on fire this past year, we’re witnessing an emerging sector of innovation in its infancy. Similar to the rise of Web2…
May 1, 2022

Roman Romanenco in CodeX: Common ransomware delivery and cost effective proactive defense
We as security practitioners often remind others, good cyber hygiene and best practices in security controls will go a long way in…
Apr 27, 2022

Roman Romanenco in CodeX: Deconstructing the ransomware kill chain
By design ransomware is a relatively “noisy” form of malware and its kill chain presents multiple opportunities for network defenders to…
Apr 6, 2022

Roman Romanenco: CISSP: Mile Long, Inch Deep…
Back in 2017 I sat and passed my CISSP exam, it was my first year practicing cyber security. At some point in my early career I decided…
Mar 24, 2022

Roman Romanenco: Tunnel traffic through jump host
Tunnel traffic through a compromised jump host to reach otherwise unreachable internal networks or hosts (pivot).
Jan 18, 2021

Roman Romanenco: Apache Tomcat Deserialization of Untrusted Data RCE (CVE-2020-9484)
a niche condition to trigger remote code execution via deserialization on Apache Tomcat
Nov 11, 2020

Roman Romanenco: HTB Buff — [writeup]
Buff is a Windows machine rated as “Easy” on HackTheBox weighed toward CVEs. Webshells, file transfers and SSH tunnel port forwarding.
Aug 31, 2020