Research

Digging. Toiling. Surfacing. Breathing. Searching. Grasping. Questioning.

Thumbnail for Sharing is Caring: Arbitrary Code Execution for Breakfast
Thumbnail for Sharing is Caring: Arbitrary Code Execution for Breakfast

Sharing is Caring: Arbitrary Code Execution for Breakfast

Binary exploitation in C++, gadget mania, and a new form of deserialization attack.

2025‑10‑03
10 minute read
ctf pwn cpp
Thumbnail for Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090 & CVE-2025-40757)
Thumbnail for Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090 & CVE-2025-40757)

Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090 & CVE-2025-40757)

When security by obscurity breaks...

2025‑09‑12
9 minute read
embedded reverse cryptography
Thumbnail for Output-Invariant and Time-Based Testing – Practical Techniques for Black-Box Enumeration of LLMs
Thumbnail for Output-Invariant and Time-Based Testing – Practical Techniques for Black-Box Enumeration of LLMs

Output-Invariant and Time-Based Testing – Practical Techniques for Black-Box Enumeration of LLMs

Abusing inherent context and sluggishness in LLMs for stealthy enumeration of prompt injection points.

2025‑05‑09
12 minute read
infosec ai notes
Thumbnail for Dynamic Views Loading – Abusing Server Side Rendering in Drogon
Thumbnail for Dynamic Views Loading – Abusing Server Side Rendering in Drogon

Dynamic Views Loading – Abusing Server Side Rendering in Drogon

What could go wrong releasing a C++ web server with "live reload" into the wild?

2024‑08‑18
8 minute read
infosec cpp ctf