$ ls ./blog/
Security Research Blog
Notes on cybersecurity, penetration testing, and vulnerability research. Long-form posts when there's something worth saying.
- IoT, Firmware, Reverse Engineering
Cracking Open the Black Box: A Practical Guide to IoT Firmware Analysis
Your router, your smart plug, your IP camera — they're all running code someone hoped you'd never read. Here's how to read it anyway.
12 min read
- Kubernetes, Cloud Native, CVE
Ingress-NGINX Under Siege: A Deep Dive into the Validating Webhook Vulnerabilities
What happens when the thing protecting your cluster's edge becomes the entry point. A walkthrough of the recent Ingress-NGINX validating webhook chain.
9 min read
- Web3, Web2, Auth
The $1.7 Billion Blind Spot: How Web2 Flaws Are Eating Web3
Smart contract auditors stare at Solidity. Meanwhile, the bigger losses keep coming through old-school web2 holes — IDORs, broken auth, leaked keys.
7 min read