- 📁 ..
- 📄 Compiling Android Kernel for my OnePlus DeviceApr 3, 2026
- 📄 LLVM Adventures: Fuzzing Apache ModulesMar 21, 2026
- 📄 FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)Aug 13, 2025
- 📄 FortiWeb Pre-Auth RCE (CVE-2025-25257)Jul 10, 2025
- 📄 Android's CVE-2022-20201 (InstalldNativeService)Dec 12, 2024
- 📄 Android's CVE-2020-0401 (PackageManagerService)Dec 1, 2024
- 📄 Android's CVE-2020-0238 (AccountTypePreferenceLoader)Nov 26, 2024
- 📄 Pwning LLaMA.cpp RPC ServerOct 3, 2024
- 📄 Reverse Engineering a Kernel Driver challSep 22, 2024
- 📄 Hunting bugs in Nginx JavaScript engine (njs)May 24, 2024
- 📄 GenesisOS: Publishing my micro-kernel!Apr 22, 2024
- 📄 Exploiting n-day in Home Security CameraJan 5, 2024
- 📄 Pwning mjs for fun and SBXMar 8, 2023
- 📄 LuaJIT Sandbox Escape: The Saga EndsDec 30, 2022
- 📄 LuaJIT Internals(Pt. 3/3): Crafting ShellcodesSep 27, 2022
- 📄 LuaJIT Internals(Pt. 2/3): Fighting the JIT CompilerSep 13, 2022
- 📄 LuaJIT Internals(Pt. 1/3): Stepping into the VMAug 23, 2022
- 📄 LuaJIT Internals: IntroAug 22, 2022
- 📄 Discovering a 2-year old priv-esc in Redis(CVE-2022-24735)Jul 19, 2022
- 📄 Fuzzing with AFL | Part 2: Trying Smarter(Apache)Mar 12, 2022
- 📄 Fuzzing with AFL | Part 1: Trying Harder(Redis)Mar 10, 2022
- 📄 Compiling/Debugging ApacheNov 1, 2021
- 📄 Hacking Apache servers like it's 2004 (CVE-2021-41773)Oct 31, 2021
- 📄 Loading an ELF without the execve syscallSep 20, 2020
- 📄 Firebase Applications – The Untold Attack SurfaceSep 14, 2020
- 📄 Research Publication: Pwning PHP7 Internals (Zend engine)Aug 22, 2020
- 📄 Reverse Engineering Jazz Jackrabbit 2Jul 14, 2020
- 📄 Hacking GraphQL ApplicationsDec 13, 2019