Articles.
Field notes on offensive security — methodology, tradecraft, vulnerability writeups, and observations from the bug bounty trenches.
The Password Isn’t the Problem. The Trust Around It Is.
By Garrett Kohlrusch | GK Data LLC
Password security has been a staple of security awareness training for decades. Use long passwords. Don’t reuse them. Change them regularly.…
Ransomware Doesn’t Break In. It Walks Through the Front Door.
By Garrett Kohlrusch | GK Data LLC
The word “ransomware” still conjures an image of something forcing its way in — exploiting a vulnerability, bypassing a firewall, cracking…
Your API Is the Attack Surface. Does Your Security Team Know That?
By Garrett Kohlrusch | GK Data LLC
Most web application security conversations start with the frontend. The login form, the input fields, the file upload handler. That’s where…
Your Website Is Live. But Is It Safe?
By Garrett Kohlrusch | GK Data LLC
Getting a website live is a milestone. Most business owners treat it as a finish line. It isn’t. It’s a starting…
The Scam Call Sounded Exactly Like Your Boss. It Wasn’t.
By Garrett Kohlrusch | GK Data LLC
A few years ago, “don’t click suspicious links” was most of what you needed to know. The emails were obvious. The…
AI Reports Are Ruining Bug Bounty — Here’s How to Use It Without Being Part of the Problem
By Garrett Kohlrusch | GK Data LLC
Triage queues aren’t backed up because of a shortage of bugs. They’re backed up because of a flood of reports that…
Blind Stored XSS to Session Hijack: How I Earned My First P1
Bug Bounty | Methodology
Author: Garrett Kohlrusch — GK Data LLC
There’s a reason blind stored XSS is underrated in the bug bounty community — it requires patience,…