Security
Application security, authentication systems, binary exploitation, and CTF research by Brahim Boumlik.
- 18 MIN READ
How Attackers Break Software: A Security Research Deep Dive
Understanding how vulnerabilities are exploited is the only reliable way to design software that resists them. This covers the mechanics behind common attack techniques — grounded in real controlled-environment CTF research and what each one teaches about defensive engineering.
- 22 MIN READ
Securing User Sessions: How Modern Authentication Works
Most auth vulnerabilities aren't in the login form — they're in how tokens are issued, stored, and invalidated. This breaks down access/refresh token flows, blacklisting strategies, and the production edge cases that keep user sessions genuinely secure.
- 18 MIN READ
Two-Factor Authentication in NestJS: TOTP with otplib & QR Codes
Add 2FA to your NestJS app using otplib. Generate TOTP secrets with authenticator.generateSecret(), validate codes, render QR codes for Google Authenticator, and implement backup codes and account recovery — production-safe.
- 30 MIN READ
Security from the Attacker's Perspective: Lessons from Vulnerability Research
The best secure code is written by engineers who understand how it breaks. This documents a structured journey through real security research — logical flaws, memory corruption, and exploitation techniques — and the defensive lessons each one surfaced.