Practical guides, release deep-dives, and post-mortems on real findings. Written by the operator building the tool.
Ten independent hunters looking for weirdness instead of signatures. A look at the design philosophy, sample findings, and why anomaly-based scanning complements (not replaces) rule-based tools.
Walkthrough of the 9 category-specific exploit verifiers — canary reflection, time-based blind, content signatures, context-aware XSS. Safe payloads only.
A code review caught a critical issue: the signing secret was compiled into the .exe, meaning one leaked copy would let anyone mint keys. Here's how I fixed it.
Before you fire up any scanner against production, take 10 minutes to set up the guardrails. Rate limits, backups, maintenance windows, and which payloads are genuinely dangerous.