The 2026 Deep Dive

Going Deeper into Code Review, Reverse Engineering, and Web Exploitation
I keep coming back to the same itch: I want to know what’s actually happening under the hood. Not “the scanner flagged it,” not “the payload worked” — why it worked, what the bytes were doing, where the bug actually lives in the code. There’s no career milestone forcing this. I just can’t leave it alone.
So this year goes deep in three directions: code review, reverse engineering, and web exploitation. I’ve already bought the materials, which for me is the part that makes it real — money down, no graceful exit.
The Reading List
Everything starts with Eugene Lim’s From Day Zero to Zero Day.
This isn’t a casual pickup. Code review, reverse engineering, fuzzing — one book, the exact three things I’m chasing, written by someone who actually finds the bugs. It’s close enough to how I already think about hunting that it’s effectively my playbook for the year. Everything else on this list is support for what’s in here.

The Course Lineup
Four from Cyberwarfare Labs, plus one from HTB. They’re not equal weight, and I’m not going to pretend they are.
Certified Windows Internals Red Team Operator (CWI-RTO) is the one I’m in right now, and it’s the one earning its place. Win32 and NT APIs, user-mode malware analysis, kernel structures in WinDbg. The first time EPROCESS, ETHREAD, and KPCR stopped being words in a blog post and became things I could walk through in a debugger, the whole “under the hood” thing got a lot less abstract. This is the groundwork the rest depends on.

Certified Exploit Development Professional (CEDP) is stack exploitation, properly this time. I’ve dabbled — everyone dabbles — but dabbling isn’t knowing, and I want to actually own this.

Certified Enterprise Security Controls Attack Specialist (CESC-AS) — advanced pentesting, offensive C# tradecraft, Windows API abuse, deeper AD. A Black Friday grab at a price that wasn’t going to come back.

Certified Stealth Cyber Operator (CSCO) is the heavy one. Red team infra, abusing misconfigured controls, offensive tooling in C/C++/C#, and AV/EDR bypass. It’s the most ambitious thing on the list and I bought it knowing that.

Web Exploitation rounds it out: HTB Certified Web Exploitation Expert (CWEE). Advanced injection, NoSQL, XSS and CSRF done properly, whitebox testing. This is the half of the year that points back at the bounty work directly.

The Plan
It’s a lot of material and I’m not pretending a year clears all of it. That’s fine — the list is a direction, not a checklist to speedrun. None of this is about the certificates. It’s about being able to open something, take it apart, and actually understand the answer.
I’ll write as I go: what breaks, what clicks, walkthroughs when something is worth walking through. If you’re deep in any of this — especially the From Day Zero material — I want to hear how you’re approaching it.