SQL Injection Detection: A Defensive Guide
How to detect SQL injection across web, app, and database telemetry — with Sigma, Suricata, and SPL rules, a CVE-2025-1094 case study, and tuning tips. Lab-only.
Read the analysis$ defensive security research · lab-only
Understand the attack. Build the defense.
darkpwn is a defensive security research publication: how real attacks work, what they leave behind, and the detections and hardening that stop them. Hardware hacking, detection engineering, and CTF analysis from a working lab — written for defenders, authorization-only.
Latest writing
All articles
Detection Engineering
SSRF Detection Without Exploit Code
SSRF detection without running exploits — metadata-access signatures, Sigma/Suricata/CloudTrail rules, IMDSv2 defense, a CVE-2025-53767 case, and tuning tips.
Detection Engineering
JWT Misconfiguration: Detection and Defense
JWT misconfiguration detection and defense — alg:none, RS256-to-HS256 confusion, and kid injection, with header-logging detection, Sigma rules, and MITRE mapping.
Defensive Research
Broken Access Control Testing for Defenders
Broken access control testing for defenders — detect IDOR and BOLA from authorization-failure telemetry with Sigma and SPL rules, plus deny-by-default hardening.
Detection Engineering
XSS CSP Hardening for Blue Teams
XSS CSP hardening for blue teams — a strict nonce-based policy, CSP violation reports as a detection feed, Sigma and Suricata rules, tuning, and MITRE mapping.
Defensive Research
Anatomy of a Kerberoasting Attack — and How to Detect It
How Kerberoasting abuses service tickets to crack service-account passwords offline — and the Sigma detection and hardening that shut it down. Lab-only.
Hardware Security
Detecting WPA2 PMKID Capture in Your Wireless Estate
How the clientless PMKID attack pulls a crackable hash from WPA2 APs — and the monitoring, WPA3 migration, and passphrase policy that defend against it.
Explore by discipline
Defensive Research
How attacks work — so defenders can stop them
BrowseHardware Security
RF, RFID, and implants on the bench
BrowseDetection Engineering
Sigma, YARA, Suricata that actually fire
BrowseCTF Analysis
Write-ups that teach the underlying primitive
BrowseSecurity Tools
The defender and researcher toolchain
BrowseNewsletter
The darkpwn dispatch
Defensive security research — detection, hardening, and hardware — delivered when there is something worth saying. No spam, unsubscribe anytime.