Technical writing on software engineering, systems design, and the tools that make it possible.https://blog.gtfo.dev/https://blog.gtfo.dev/blog/encryption-protects-the-column-not-the-schema/https://blog.gtfo.dev/blog/encryption-protects-the-column-not-the-schema/Encryption secures the ciphertext. The schema answers questions the privacy contract never considered — sharing graphs, behavioral timelines, search-token frequency maps. How to read a database the way an attacker does.Tue, 09 Jun 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/race-conditions-read-write-gap/https://blog.gtfo.dev/blog/race-conditions-read-write-gap/A technical taxonomy of web race conditions beyond TOCTOU, explaining read-write gaps, HTTP/2 single-packet attacks, and the storage-layer primitives that close them.Sun, 26 Apr 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/layer-2-vs-layer-3-switches/https://blog.gtfo.dev/blog/layer-2-vs-layer-3-switches/Most inter-VLAN routing in enterprise networks isn't done by a router. It's done by a switch that understands IP. This post breaks down how Layer 2 and Layer 3 switches differ, how SVIs and routed ports work, and why TCAM makes hardware-based routing possible.Wed, 08 Apr 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/schnorr-zkp-from-scratch/https://blog.gtfo.dev/blog/schnorr-zkp-from-scratch/A worked-example introduction to zero-knowledge proofs using the Schnorr identification protocol, building to the sigma protocol abstraction that underpins modern ZKP systems.Wed, 08 Apr 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/account-takeover-composite-attack-class/https://blog.gtfo.dev/blog/account-takeover-composite-attack-class/ATO isn't a CWE — it's an outcome. This post models account takeover as a composite attack class, maps the five vector families to their root causes, and builds the defense architecture that exploitation checklists leave out.Sun, 05 Apr 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/tls-fingerprinting-the-first-gate/https://blog.gtfo.dev/blog/tls-fingerprinting-the-first-gate/TLS fingerprinting catches automation tools by their handshake — until the attacker uses a real browser. Part 1 of a series on why client-side bot defense is structurally limited.Sat, 28 Mar 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/the-oracle-problem-http-compliance/https://blog.gtfo.dev/blog/the-oracle-problem-http-compliance/HTTP status codes are designed to be informative. That's exactly what makes them dangerous. Part 1 of a series on how RFC-compliant behavior creates exploitable information channels — and when breaking the spec is the right call.Tue, 24 Mar 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/zero-knowledge-user-lookup/https://blog.gtfo.dev/blog/zero-knowledge-user-lookup/How do you find a user without the server ever knowing who they are? A deep dive into the paradox of zero-knowledge user lookup, why every client-side blind indexing approach collapses, and how OPRF-based truncated bucket routing solves it without leaking identity.Tue, 17 Mar 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/aad-canonicalization-why-it-matters/https://blog.gtfo.dev/blog/aad-canonicalization-why-it-matters/A Python service encrypts secrets with AEAD. A Go service tries to decrypt them. Same keys, same AAD fields—authentication fails. The culprit? JSON serialization isn't deterministic. This is Part 1 of a series on AAD canonicalization: why it matters, and how to do it right.Sat, 07 Mar 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/vendor-agnostic-networking-intro/https://blog.gtfo.dev/blog/vendor-agnostic-networking-intro/This 70-part series covers everything a network engineer needs to understand—from how devices communicate to how automation is reshaping the field. Structured around CCNA 200-301 objectives, but built on open standards. No vendor lock-in required.Sun, 01 Mar 2026 00:00:00 GMThttps://blog.gtfo.dev/blog/routers-how-packet-forwarding-works/https://blog.gtfo.dev/blog/routers-how-packet-forwarding-works/Your laptop knows one thing — the address of its default gateway. That gateway is a router, and every network you've ever used depends on at least one.Sun, 22 Feb 2026 00:00:00 GMT