$ whoami
collina
$ id
uid=1337(collina) groups=pentest,osint,ctf

I break web apps and APIs for a living, and chase loose threads through open sources for fun. This is where I keep field notes — the writeups, the tooling, the tradecraft that didn’t fit in a report.

What you’ll find here

  • Pentest — web/API exploitation walkthroughs, methodology, and the occasional CTF.
  • Investigation — OSINT pivots, entity mapping, and how to turn a single artifact into a full picture.
  • Tooling — small scripts and setups that pull their weight.

Everything here is my own work and opinion. Findings from real engagements are sanitized — no client data, no live targets, no crossing the line.

Contact

Reach me on the usual platforms. PGP on request. Responsible disclosure only.

// signal over noise