Writing

Notes from the source.

CVE reverse-engineering, kernel and firmware auditing, and what happens when you point an LLM at a binary.

- Finding an out-of-bounds read in ksmbd by asking “why does the sibling check this?” (Finding · Jun 2026 · 7 min)
- LLM-assisted binary diffing: finding 1-days before PoCs drop (Research · Feb 8, 2026 · 8 min)
- On the feasibility of using LLMs to execute multistage network attacks (Research · Jan 20, 2026 · 25 min)
- Villager, inside out: FastAPI control plane + LLM task graph + MCP tool runner (Research · Jan 6, 2026 · 12 min)
- Reverse-engineering CVE-2022-26318 (WatchGuard Firebox): from network trace to root cause (CVE · Dec 28, 2025 · 10 min)
- Who can touch your kernel? Auditing /boot/vmlinuz-* on Linux (Research · Dec 8, 2025 · 7 min)
- From React2Shell to toy labs: understanding insecure deserialization (Research · Dec 8, 2025 · 8 min)
- Transient scheduler attacks on CPUs: exploiting AMD's new microarchitectural leak (Research · Dec 4, 2025 · 8 min)
- Firmware exploration: LLM as your annotator (Research · Nov 30, 2025 · 5 min)
- CVE-2017-11882 (CVE · Oct 26, 2024 · 3 min)
- Symbolic links (symlinks) in Linux (Research · Dec 24, 2024 · 3 min)
- CVE-2024-1001 (CVE · Sep 8, 2024 · 3 min)
- CVE-2024-0012 (CVE · Sep 8, 2024 · 3 min)
- CVE-2022-40982 (CVE · Sep 8, 2024 · 3 min)
- CVE-2016-5195 (Dirty COW) (CVE · Sep 8, 2024 · 3 min)
- CVE-2023-23397 (CVE · Sep 8, 2024 · 3 min)
- CVE-2014-0160 (Heartbleed) (CVE · Sep 8, 2024 · 3 min)
- ROBOT — Return of Bleichenbacher's Oracle Threat (CVE · Sep 8, 2024 · 3 min)
- Zombie POODLE and GOLDENDOODLE attacks (CVE · Sep 6, 2024 · 6 min)