https://burakdirlik.dev/Burak DirlikA minimal, responsive and feature-rich Jekyll theme for technical writing. 2026-06-06T19:01:12+03:00 Burak Dirlik https://burakdirlik.dev/ Jekyll © 2026 Burak Dirlik /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png GraphQL Vulnerabilities from an Attacker's Perspective2026-06-06T16:20:00+03:00 2026-06-06T19:00:52+03:00 https://burakdirlik.dev/posts/graphql-vulnerabilities/ Burak Dirlik What GraphQL vulnerabilities are and how to find them in bug bounty — introspection, IDOR/BOLA, injection, and rate-limit bypass via batching, explained from scratch with examples. SSRF Deep Dive: From Internal Services to Cloud Metadata2026-04-25T00:00:00+03:00 2026-04-25T01:39:45+03:00 https://burakdirlik.dev/posts/ssrf-attacks/ Burak Dirlik From basic internal port scanning to AWS/GCP metadata exploitation — SSRF walked through real pentest scenarios, filter bypasses, and cloud attack paths. JWT Attacks: A Pentester's Playbook Through Real Scenarios2026-04-24T10:00:00+03:00 2026-04-25T01:38:42+03:00 https://burakdirlik.dev/posts/jwt-attacks/ Burak Dirlik From alg:none to kid injection, from algorithm confusion to jku manipulation — the JWT attack surface walked through real pentest scenarios. Mass Assignment: A Silent but Devastating API Vulnerability2026-04-20T10:00:00+03:00 2026-04-25T01:39:00+03:00 https://burakdirlik.dev/posts/mass-assignment-vulnerability/ Burak Dirlik The technical origin of the Mass Assignment vulnerability, scenario-based exploitation examples, real-world cases, and framework-specific defense methods. Privilege Escalation in Active Directory: RBCD Attack2026-04-15T21:49:00+03:00 2026-04-25T01:38:24+03:00 https://burakdirlik.dev/posts/Active-Directory-RBCD-Attack/ Burak Dirlik What is Resource-Based Constrained Delegation, how is it exploited, and a full end-to-end attack chain walk-through using RBCD-Pwn.