// security research & notes

Breaking things carefully, then writing about it.

I'm Michelle — security engineer sharing pentesting research, study notes, and lessons from the field. Turning complex topics into approachable language.

CRTP · CEH · Published in Block Magnates · Guest on 她Ta Zhi Dao · Public notes on HackMD
Recent
Project Glasswing: Who Gets to Hold Mythos, and Why It Matters
Anthropic gated Mythos to twelve partners. The decision behavior signals industrial unilateralism — what it means for builders and attackers in the gated era.
Article
Part 2: nmap dissected — don't blow your cover before you've even started
Going beneath the hood — how nmap really discovers hosts, what changes across subnets, and why the default "stealth" flags aren't that stealthy.
Article · Part 2
Part 1: nmap — why it's everyone's first scan
What nmap actually does, why everyone runs it first, and where depth and stealth start pulling in opposite directions.
Article · Part 1
I Updated My LinkedIn. Two Days Later, Someone Impersonated My CEO.
How phishing emails find you using LinkedIn scrapers, and how to spot them before they do — a real incident breakdown.
Article
Cybersecurity, Scammers, and Confidence
Guest on 她Ta Zhi Dao — how scammers collect your data, social engineering in Asia, and building confidence as a woman in security.
Podcast
Serendipity in Giving
Volunteering at the Women in Tech Global Summit 2025 in Osaka — how showing up and giving fully turns serendipity into something tangible.
Medium
Study Notes
Reference
CRTP Study Notes
Full AD red team kill chain — from AMSI bypass and domain enumeration to Kerberos attacks, persistence, and cross-forest trust abuse.
Cheatsheet
Exploiting Databases
SQL injection and exploitation reference for Oracle, MySQL, and PostgreSQL — from union-based extraction to RCE and WAF bypass.
Notes
Exploiting ViewState
ASP.NET deserialization to RCE via ysoserial.net — TypeConfuseDelegate and ActivitySurrogateSelector gadget chains explained.
About

Security engineer based in Taipei. I spend my days finding what's broken in systems and helping organizations understand what's actually at risk.

I write about what I break and what I learn. If something cost me hours to figure out, I write it down so it costs you minutes.

Currently: researching, breaking, documenting.
Drawing diagrams nobody asked for.

Connect