NedTechie / Blog

Deep dives into cloud security, infrastructure & DevOps

Practical engineering articles on Linux, AWS, penetration testing, and the tools that keep modern systems running.

13 Articles

17 Topics

Featured

Responsive rendering of Chirpy theme on multiple devices.

Book January 18, 2025 23 min

Master Linux File Permissions and File Types While Your Coffee Brews

Linux Permissions and File Types Explained by Infographic and Exercises. Perfect for Your Morning Coffee Read.

Nedim Hadzimahmutovic 23 min read

Latest Articles

View all

A terminal showing a completed pentest with findings summary

security Apr 20, 2026

Breaking My Own Infrastructure: 12 Days, 19 Findings, 3 False Positives

Twelve days ago I opened a terminal, pointed curl at our staging API, and started breaking things. I didn’t have a plan. I didn’t have a ...

9 min

A door that looks locked from across the street but opens when you turn the handle

security Apr 20, 2026

What --dryrun Taught Me About Confidence

I shipped a false positive to my team. In bold. With a CRITICAL severity tag. And I was wrong. Not “wrong about a detail” wrong. Wrong a...

6 min

An ALB accepting X-Forwarded-For headers directly from the internet

security Apr 20, 2026

The Load Balancer That Trusted Everyone

Rate limiting is supposed to stop brute-force attacks. Ours didn’t. Not because the rate limiter was broken – it worked perfectly. The pr...

7 min

Sequential ID enumeration revealing finance records with sensitive data

security Apr 20, 2026

I Can Read Everyone's Invoices (and Found a Backdoor Inside)

I was testing my own finance records. Checking that the API returned the right data for my user. Standard BOLA test – try accessing someo...

7 min

A refresh token being used five times with all five attempts succeeding

security Apr 20, 2026

The Refresh Token That Wouldn't Die

I logged out. Then I used my old refresh token. It still worked. I used it again. Still worked. Five times. Ten times. A week later. Sti...

7 min

Terminal generating 1000 invoices at 3 AM with no rate limiting

security Apr 20, 2026

It's 3 AM and I'm Creating a Thousand Invoices

I wasn’t supposed to be awake at 3 AM. But I’d had too much coffee and my brain wouldn’t shut off, so I figured I’d do one more test befo...

5 min

XSS payload in a support ticket rendering on the agent dashboard

security Apr 19, 2026

I Just Sent XSS Payloads to the Support Team

The best part about doing security testing on your own systems is that you can be as reckless as you want. The worst part is realizing yo...

5 min

JSON payload with dangerous internal fields highlighted in red

security Apr 18, 2026

When Your Internal Fields Aren't Internal: The Day I Deleted My Own Account

I deleted my own account today. Not on purpose. I’m not that chaotic. I was testing something, and then… I couldn’t log in anymore. Let...

6 min

Browser exploiting a CORS misconfiguration to steal data from an API

security Apr 17, 2026

The CORS Rabbit Hole I Didn't Want to Go Down

I was supposed to be testing SQL injection. That’s what my notes said: “Test for SQL injection in search endpoints.” But you know how it ...

6 min

Deep dives into cloud security, infrastructure & DevOps

Featured

Master Linux File Permissions and File Types While Your Coffee Brews

Latest Articles

Breaking My Own Infrastructure: 12 Days, 19 Findings, 3 False Positives

What --dryrun Taught Me About Confidence

The Load Balancer That Trusted Everyone

I Can Read Everyone's Invoices (and Found a Backdoor Inside)

The Refresh Token That Wouldn't Die

It's 3 AM and I'm Creating a Thousand Invoices

I Just Sent XSS Payloads to the Support Team

When Your Internal Fields Aren't Internal: The Day I Deleted My Own Account

The CORS Rabbit Hole I Didn't Want to Go Down

Trending Tags