About
Blog
Tools53

Blog

Notes on APIs, automation, and security.

Technical posts on reverse-engineering, security research, automation patterns, and the day-to-day of solo engineering work.

← hometools →

ekofyi

Reverse-engineering APIs. Building automation. Shipping tools.

Site

About
Blog
Tools

Elsewhere

Twitter / X
LinkedIn
Email

© 2026 ekofyi · built with ☕

⌕

Sort:

All API Reverse Engineering Automation Patterns Security Research Indie Workflow· 3 posts

3 results

Security ResearchMay 19, 20266 min read
How I got free cinema credit by ordering -2 popcorns
A missing input validation on M-Tix Cinema XXI's food ordering API let me increase my account balance by submitting negative quantities. No tools needed — just a browser.
Security ResearchMay 18, 20267 min read
How I analyze API security headers in 30 seconds
A quick checklist for reading HTTP response headers and spotting security misconfigurations before you even look at the response body.
Security ResearchMay 18, 20269 min read
Common auth mistakes I find when reverse-engineering APIs
After years of poking at APIs that weren't meant to be poked at, these are the auth patterns that break most often — and why.