Security research focused on authentication and identity vulnerabilities in modern web applications.https://blog.cctbp.com/https://blog.cctbp.com/posts/26-05-29-local-lab-blueprint/https://blog.cctbp.com/posts/26-05-29-local-lab-blueprint/A reproducible, containerized interception lab for auth-flow research — mitmproxy, Docker, and browser session containerization, built to be torn down and rebuilt in under five minutes.Fri, 29 May 2026 04:00:00 GMThttps://blog.cctbp.com/posts/26-05-22-oauth-authorization-code-interception/https://blog.cctbp.com/posts/26-05-22-oauth-authorization-code-interception/Authorization code interception end-to-end: what the attack looks like, where the seam is, and what it produces in logs. Reproducible against FlawedToken.Fri, 22 May 2026 04:00:00 GMThttps://blog.cctbp.com/posts/the-gap-nobody-talks-about/https://blog.cctbp.com/posts/the-gap-nobody-talks-about/A controlled lab environment for auth-flow attack chains has never existed in any usable form. This series is about closing that gap.Sat, 16 May 2026 08:00:00 GMT