Areas of Expertise

The areas where I focus and where most companies fail.

Active Directory

Attacks I see in 90% of Slovenian companies. From regular user to Domain Admin.

Web Security

Modern testing beyond OWASP Top 10. Logic flaws, authentication vulnerabilities.

API Security

Why Swagger is your worst enemy. JWT, OAuth, SSO failures.

Cloud Security

Cloud misconfigurations I exploit the most. IAM, privilege escalation.

Red Team

Red Team vs Pentest vs Audit. What a comprehensive attack simulation really means.

Evasion & EDR

Why EDR didn't stop me. Command-line obfuscation, detection blind spots.

Reporting & Risk

CVSS is not risk. How I score vulnerabilities for real decision-makers.

More Content

Read my articles, research, or prepare for a pentest.

Blog Research Pentest Preparation