Blog on Sheran Gunasekera

Blog on Sheran Gunasekerahttps://sheran.io/blog/Recent content in Blog on Sheran GunasekeraHugoen-usMon, 02 Mar 2026 11:00:00 +0800Before The Breach - PIIhttps://sheran.io/blog/before-the-breach-pii/Mon, 02 Mar 2026 11:00:00 +0800https://sheran.io/blog/before-the-breach-pii/Do you know what personal data your company is actually collecting? In this article we discuss what it means to collect Personally Identifiable Information (PII) and how to understand and protect this data within an organization.Porting DNS Code from Zig 0.15 to 0.16: IO, Queues, and Concurrencyhttps://sheran.io/blog/porting-dns-from-zig-0.15-to-0.16/Tue, 16 Dec 2025 23:26:48 +0800https://sheran.io/blog/porting-dns-from-zig-0.15-to-0.16/Porting DNS lookups from Zig 0.15 to 0.16, exploring std.Io.net, async vs concurrent IO, and a subtle deadlock caused by bounded queues.Disable Zig auto-format in Neovim and Kickstarthttps://sheran.io/blog/disable-zig-auto-format-kickstart/Thu, 13 Nov 2025 15:31:22 +0800https://sheran.io/blog/disable-zig-auto-format-kickstart/How to disable Zig auto-format in Neovim with Kickstart configurationI finally figured out Zig's tls.Clienthttps://sheran.io/blog/figured-out-zig-tls-client/Fri, 31 Oct 2025 21:47:31 +0800https://sheran.io/blog/figured-out-zig-tls-client/After a two day struggle, I finally figured out how to use Zig 0.15.2’s tls.Client to talk to some https servers. yay.These helped me learn the new Zig std.Io interfacehttps://sheran.io/blog/zig-0.15-new-std-io/Thu, 30 Oct 2025 11:52:29 +0800https://sheran.io/blog/zig-0.15-new-std-io/This is a small list of videos and articles that helped me learn the new Zig 0.15.0 std.Io interface. Sharing it so anyone else stuck may get some inspirationHow to Pass a Pentest in a few easy steps!https://sheran.io/blog/how-to-pass-a-pentest/Sun, 13 Jul 2025 13:23:44 +0800https://sheran.io/blog/how-to-pass-a-pentest/Pentests are stressful to go through. Follow these easy steps as an engineering leader if you want to breeze through any Pentest that you find yourself facing.How to Install Void Linux on MacOS with Disk Encryptionhttps://sheran.io/blog/void-linux-arm64-luks-uefi/Sat, 26 Apr 2025 23:04:23 +0800https://sheran.io/blog/void-linux-arm64-luks-uefi/Here is how you can do a fairly unattended install of Void Linux ARM64 with FDE on MacOS with a UTM VM with UEFICheck your SSL Certificate validity for free with GitHubhttps://sheran.io/blog/check-ssl-cert-expiry-for-free/Thu, 17 Apr 2025 23:42:33 +0800https://sheran.io/blog/check-ssl-cert-expiry-for-free/Do not allow your SSL Certificates to expire. Use GitHub actions to check and alert you when they are about to expire for freeSetup Neovim With Zighttps://sheran.io/blog/setup-neovim-with-zig/Mon, 07 Apr 2025 10:11:36 +0800https://sheran.io/blog/setup-neovim-with-zig/This is what I did to get Neovim configured for Zig syntax highlighting and language serverLazy Guide to re-install Nixos on Macoshttps://sheran.io/blog/lazy-macos-guide-to-nixos/Tue, 17 Dec 2024 10:34:10 +0800https://sheran.io/blog/lazy-macos-guide-to-nixos/Macos Sequoia messes with Nixos. You can either fix it by following the Github issue, or you can keep with traditions and just re-install it.How to build PCRE2 with Zighttps://sheran.io/blog/building-and-using-pcre2-in-zig/Sun, 22 Sep 2024 13:53:00 +0800https://sheran.io/blog/building-and-using-pcre2-in-zig/If you want to use regex in Zig, your options are limited. One way is to import existing C libraries. Here is how I used PCRE2 in my Zig code.EdgeMAX Websocket Denial of Servicehttps://sheran.io/blog/edgemax-websocket-dos/Thu, 01 Aug 2024 19:13:15 +0800https://sheran.io/blog/edgemax-websocket-dos/Ubiquiti EdgeRouter Web GUIs may be disabled through an exposed WebSocket using this DoS attackCross compile gdb for MIPShttps://sheran.io/blog/cross-compile-gdb-for-mips/Tue, 30 Jul 2024 11:19:07 +0800https://sheran.io/blog/cross-compile-gdb-for-mips/These are my instructions on how to cross compile gdb and gdbserver for MIPS when you are on an x86_64Pentesters Hate Him. One weird trick to PWN everything!https://sheran.io/blog/pentesters-hate-him/Wed, 15 May 2024 14:08:30 +0800https://sheran.io/blog/pentesters-hate-him/ARP spoofing used to be such a powerful tool that no one talks about lately; this is a story of how I owned the ATM network of a bank in the UAE.Shook Lin & Bok Can Happen to Anyonehttps://sheran.io/blog/shooklin-can-happen-to-anyone/Thu, 09 May 2024 12:46:45 +0800https://sheran.io/blog/shooklin-can-happen-to-anyone/While what happened to Shook Lin & Bok can happen to anyone, we should explore further what it means to be security practitioners.My First Week as a Security Engineerhttps://sheran.io/blog/first-week-in-cybersecurity/Thu, 25 Apr 2024 11:57:09 +0800https://sheran.io/blog/first-week-in-cybersecurity/This is the story of how I got chased by security when dumpster diving on my first week on the job.Fireflies.ai leaks emails through Growthbook.iohttps://sheran.io/blog/fireflies/Fri, 23 Feb 2024 15:55:24 +0800https://sheran.io/blog/fireflies/Shortcut leaves hundreds of fireflies.ai user emails open to publicOur Wordlists Kinda Suckhttps://sheran.io/blog/wordlists/Sun, 05 Nov 2023 16:10:24 +0800https://sheran.io/blog/wordlists/Cleaning up our cybersecurity brute force wordlists one character at a time.Cyber Triage on MacOS?https://sheran.io/blog/cybertriage/Sun, 22 Oct 2023 18:40:51 +0800https://sheran.io/blog/cybertriage/How to speed up DFIR workflow and read a Cyber Triage collection file through the CLI