I officially went under the knife for my second shoulder surgery to tackle this stubborn Frozen Shoulder (Adhesive Capsulitis ). My first round was back in February of this year, and then on August 20th, I went for round 2 with scoping as the add on. Rehab’s been my new fulltime gig, I’m hitting the clinic for about an hour and 15 minutes every morning from Monday to Friday, and then I get to replay the whole routine at home every night. Exhausting, but needed.
I’m finally weaning off the painkillers, which honestly felt like such a slog over the last couple of weeks. Sleeping at night is still a real battle, but at least now I’m only popping them when the pain ramps up enough to keep me tossing and turning, just to knock me out and get some sleep. Fingers crossed things keep improving from here!
Upcoming Plans
I finally said it out loud. In 2026 I’m going to be giving talks on client-side exploitation.
Here’s the thing though, it’s not something I’m amazing at right now. I know a little, but I wouldn’t call myself an expert. That’s exactly why I’m choosing it. I want to push myself, and the only way to get there is to dive in headfirst and commit to learning everything I can.
The plan is to take all the stuff I don’t know, all the times I’ve gotten frustrated trying to figure out client-side bugs, and turn that into short 30 minute modules. Each one will have a small CTF challenge that anyone can spin up and play with. It’s partly for me so I can finally build this foundation the right way, but also something others can use if they want to learn alongside me.
I’ve got some really solid friends I can reach out to when I’m stuck, but at the end of the day this is on me. If I want to be the hacker I know I can be, I’ve got to put the work in, one step at a time.
Now that I’m finally off painkillers and can sit down and actually focus, I’m starting fresh. Even with things I think I already know, I’m going back through them, redoing my notes, and making sure I’m not missing anything.
First up is Client-Side Path Traversal. I’m using Doyensec’s resource guide https://blog.doyensec.com/2025/03/27/cspt-resources.html and going through it piece by piece, blog by blog, video by video. I’ll take notes, write down what I learn, and then share my own understanding when I’m done. A lot of it will probably feel like review, but I know I’ll pick up new tricks and different ways of thinking that I can make my own.
Miami
From September 18th through the 21st I’ll be in Miami, hangin out with some of my long time bug bounty friends. It’s going to be four days of hacking, catching up, and exploring a city I’ve never been to before. Looking forward too it and I’ll try to post some pictures from the event.