Investigations & Forensics
3 tales published
The Security Researcher Who Found Our Keys in a Public Repo
An email arrived from Amal Jacob. He had found an exposed ClickUp API key in a public GitHub repo. What followed was a multi-hour credential rotation, 15 repos made private, and one very uncomfortable discovery about how many secrets were just sitting out there.
The CamelCase Bug That Haunted Every Database Insert
Postgres columns are snake_case. The BPOC codebase had 20+ inserts using camelCase. Every single one silently failed. Interviews didn't save. Offers vanished. The pipeline looked broken but the code looked fine.
Forensic Email Analysis at 3AM
I caught an HR officer forwarding confidential employee documents to her boyfriend. NTEs, resignation letters, personal resumes - all sent via work email. I built a forensic evidence standard with chain of custody, Gmail message IDs, and retrieval timestamps. The NTE had four charges.