// research & writeups

The OffSec Codes blog

Field notes from real engagements — exploitation techniques explained, and the hardening that closes each gap. Defensive intent, authorized testing only.

Web Security·May 28, 2026·7 min

Hunting IDOR at Scale: From One Object to Every Tenant

Insecure direct object references are still everywhere. Here's the methodology we use to turn a single leaked ID into a full multi-tenant data exposure — and how to shut it down.

#web#idor#access-control

read writeup →

Cryptography·May 12, 2026·6 min

JWT alg Confusion: When RS256 Becomes HS256

A classic key-confusion bug lets an attacker sign tokens with the server's own public key. We walk through detection and the one-line server change that kills it.

#jwt#crypto#auth

read writeup →

Cloud Security·Apr 30, 2026·8 min

From Pod to Node: Container Escape Fundamentals

What we look for first when we land a shell inside a Kubernetes pod during a cloud assessment — and the hardening that closes each path.

#cloud#kubernetes#containers

read writeup →