Notes from the lab and the field.
Thoughts on technology, cybersecurity, and creative problem-solving
Next.js Auto-Deployment to a VPS Using GitHub Actions
Your laptop does not deploy your app. Your VPS does not build your app. GitHub Actions builds your Next.js project on a temporary runner, then securely SSHs into your VPS using a deploy key, syncs the build artifacts, and restarts the running process with PM2. You push to `main`. GitHub Actions does the work. Your VPS only runs the final result. If you are building on the server or SSHing from your laptop to deploy, you are doing it wrong.
Read more →Breaking (and Observing) a Chat Model: My Prompt-Injection Test
A concise write-up of a small experiment: how a model refused a disallowed request, then was socially engineered into producing dangerous output via simple self-attestation.
Read more →Pentest-Agent — building an LLM-aware red-team assistant
Pentest-Agent is an LLM-enabled penetration-testing orchestrator built to automate reconnaissance and vuln-enumeration workflows while keeping humans squarely in the decision loop. It's plugin-driven, async-first, and pragmatic — it runs `nmap` scans, parses results into structured data, feeds them to an LLM for analysis/planning, and then executes follow-up actions with safety checks. This post covers architecture, key design choices, stumbling blocks, security/ethics, and a roadmap.
Read more →Building a Web Experience: Creating the Bluedot Website
A technical deep dive into building a full‑stack portfolio using Next.js App Router, Prisma, NextAuth, and GitHub API.
Read more →Stay Updated
Follow my blog for insights on cybersecurity, development, and creative projects. I share practical tips and behind-the-scenes looks at my work.