# Writing

Bylined posts on the ProjectDiscovery blog, older bug-bounty writeups on Medium, and notes published here — one list, newest first.

- [Building for humans and agents](/writing/building-for-humans-and-agents.md) `jul 2026`
  A colophon-style note on why this site renders every page twice — once as HTML for people, once as plain markdown for agents — and what that has to do with the observability work I actually do all day.
- [Benchmarking Neo's Black-Box DAST Capabilities](https://projectdiscovery.io/blog/neo-black-box-dast-capabilities) `projectdiscovery blog · apr 2026`
  Neo scores 51/60 (85%) on Argus under a hardened black-box methodology — the first public marker of the shift to AI-security research.
- [Introducing the httpx dashboard](https://projectdiscovery.io/blog/introducing-httpx-dashboard-2) `projectdiscovery blog · aug 2024`
  A hosted view over httpx scan output, built on the PDCP dashboard.
- [Fuzzing for Unknown Vulnerabilities with Nuclei v3.2](https://projectdiscovery.io/blog/nuclei-fuzzing-for-unknown-vulnerabilities) `projectdiscovery blog · mar 2024`
  A walkthrough of v3.2's fuzzing engine, built to surface unknown vulnerability classes rather than known signatures.
- [Scanning Login-Protected Targets with Nuclei v3.2](https://projectdiscovery.io/blog/scanning-login-protected-targets-with-nuclei) `projectdiscovery blog · mar 2024`
  Using v3.2's authenticated-scanning support to run templates against targets that sit behind a login.
- [Nuclei v3.2 Release with Authenticated Scanning, Advanced Fuzzing & more](https://projectdiscovery.io/blog/nuclei-3-2) `projectdiscovery blog · mar 2024`
  Authenticated scanning, advanced fuzzing, and ECDSA template signing land in v3.2.
- [Introducing Nuclei v3](https://projectdiscovery.io/blog/nuclei-v3-featurefusion) `projectdiscovery blog · oct 2023`
  A rewrite of Nuclei's execution core: the new Go SDK, the JavaScript scripting engine, and multi-protocol templates.
- [How I Got Access to a Company's Auth0 Management API](https://infosecwriteups.com/how-i-got-access-to-auth0-management-api-44d32fa6c477) `medium · oct 2023`
  A leaked Management API token that exposed roughly 300 users' data.
- [Introducing Alterx: Efficient Active Subdomain Enumeration with Patterns](https://projectdiscovery.io/blog/introducing-alterx-simplifying-active-subdomain-enumeration-with-patterns) `projectdiscovery blog · apr 2023`
  Why pattern-based subdomain permutation beats a static wordlist, and how Alterx's DSL generates candidates for active enumeration.
- [How I Found a Company's Internal S3 Bucket with 41k Files](https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5) `medium · may 2022`
  Three misconfigured S3 buckets on one target, one holding roughly 41k files (23.6 GB) including a database backup.
- [Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills](https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-1-a78c2b109731) `medium · may 2022`
  A three-part series on Talosplus, the Go recon-automation framework built to replace ad-hoc bash scripts (3-part series; part 1 linked).

---

tarun@no-ide.dev · [github](https://github.com/tarunKoyalwar) · [x](https://x.com/KoyalwarTarun) · [linkedin](https://www.linkedin.com/in/tarun-koyalwar) · [medium](https://medium.com/@zealousme)

agents start at [/agents.md](/agents.md)
