Blog posts and security writeups.https://fulvio.sh/https://fulvio.sh/writeups/htb-reactoops/https://fulvio.sh/writeups/htb-reactoops/A static Next.js interface with no inputs and no obvious attack surface. The vulnerability was in the framework itself.Thu, 30 Apr 2026 00:00:00 GMThttps://fulvio.sh/blog/llm-vs-keyword-extraction/https://fulvio.sh/blog/llm-vs-keyword-extraction/Building ResumeRadar forced me to figure out exactly where LLMs outperform keyword matching for skill extraction, and where they don't.Tue, 28 Apr 2026 00:00:00 GMT