Security Research, Technical Insights & Digital Craftsmanshiphttps://thlab.studio/https://thlab.studio/appsec/hello-world/https://thlab.studio/appsec/hello-world/A brief introduction to THLAB and what you can expect from this space - security research, technical deep dives, and honest reflections on the craft.Sun, 15 Feb 2026 00:00:00 GMThttps://thlab.studio/appsec/waf-evasion-techniques/https://thlab.studio/appsec/waf-evasion-techniques/A practical breakdown of real-world WAF bypass methods — encoding tricks, protocol-level evasion, and why default rulesets create a false sense of security.Sun, 15 Mar 2026 00:00:00 GMThttps://thlab.studio/appsec/waf-audit-framework/https://thlab.studio/appsec/waf-audit-framework/How I built an automated WAF testing framework that covers OWASP Top 10 attack categories with detailed block rate analysis and reporting.Sun, 08 Mar 2026 00:00:00 GMThttps://thlab.studio/appsec/api-security-top-10/https://thlab.studio/appsec/api-security-top-10/Breaking down the OWASP API Security Top 10 with real-world examples, detection strategies, and defense mechanisms.Sun, 01 Mar 2026 00:00:00 GMThttps://thlab.studio/appsec/ai-assisted-web-pentesting-burp-mcp/https://thlab.studio/appsec/ai-assisted-web-pentesting-burp-mcp/How to run web pentests with an AI assistant that integrates directly with Burp Suite — from proxy traffic analysis to automated exploit generation and structured reporting.Mon, 16 Mar 2026 00:00:00 GMT