:: bogs.io

Archive

Blog posts

The current bogs.io archive focuses on practical security topics, from SMB tradecraft to CSRF and custom Python tooling.

Entries

Recent writing

June 8, 2026 // Essay

This Website Does Not Use Cookies

No cookie banners. No tracking pixels. No consent dialogs. This site uses Plausible for analytics, which does not use cookies, does not track individuals, and does not require your permission to count a page view.

Open post

May 25, 2026 // Essay

2anything - The last file convertor you will ever need

2anything is a local file convertor for macOS built to convert almost anything to almost anything while keeping private files on your own machine.

Open post

May 24, 2026 // Essay

What Good Local Software Is Supposed to Be

Local software should work offline, hide its internal complexity, make a best effort with imperfect input, produce meaningful errors, and do a few things well.

Open post

March 15, 2026 // Essay

The Decline of Software

Software used to do one thing well and get out of the way. Now every tool wants a monthly fee, an internet connection, and an AI assistant. What happened, and what good still looks like.

Open post

June 10, 2021 // Pentesting cheatsheet

Attacking SMB

A practical guide to enumerating SMB, abusing null sessions, using PsExec, and capturing or relaying NTLM authentication.

Open post

Feb. 15, 2021 // Web security

Complete Guide to CSRF

An end-to-end explanation of CSRF, including GET and POST attack patterns, attack preconditions, browser constraints, and common defenses.

Open post

Feb. 15, 2021 // Python security tooling

Cracking Passwords with Python

A walkthrough for building a threaded brute-force script that handles CSRF-protected login forms instead of relying only on off-the-shelf tools.

Open post