vulnerability research
16 posts
Sixty-three days to patch a forked parser
Technical breakdown of the FrontierOS RCE: a forked XML parser, an unpatched two-year-old CVE, and the fork-tracking failure that shipped it.
IOCCC 2025 ships glibc tcache poisoning primitives
The 29th IOCCC's 2025 winners distill heap metadata corruption, tcache poisoning, and type confusion into legal C - the same primitives behind modern CVEs.
The 64KB segment where every overflow rewrote a free list pointer
Win16's Local Heap overflow defines the metadata corruption class that still drives modern browser and kernel exploitation in 2026.
Korea's KCSC mandates server-side image parsers
Korea's mandatory AI image scanning forces every forum into a multi-layer parser and ML pipeline. The CVE surface and exploitation paths that result.
I built Burp Suite in Rust
Technical breakdown of an open-source Burp Suite alternative - proxy core, fuzzer, scanner depth, Collaborator gap, and what it means for vuln research.
The IIS virtual directory that won't stop bleeding
Technical analysis of the Exchange Server zero-day, the frontend-to-backend trust boundary it abuses, and what fires in EDR and IIS telemetry.
?auth=YWRtaW46MTEK and a million open cameras
Technical breakdown of the auth bypass, P2P relay, and default-credential failures that exposed over a million IP cameras and baby monitors.
Mandiant clocked 5 days in 2023
Mean time-to-exploit for critical CVEs has collapsed to days. The mechanism is patch diffing, n-day industrialisation, and telemetry gaps on appliances.
Mid-2024: a drunk LLM found a ksmbd kernel bug
How researchers used degraded LLM prompts to find a remote OOB write in the Linux kernel's ksmbd module, and what it means for kernel security.
NGINX ships emergency patch for HTTP/3 heap overflow
CVE-2026-42945 technical analysis: heap overflow in NGINX HTTP/3 HEADERS frame parsing, worker RCE primitive, telemetry gaps, and patch boundary.
Patching nginx doesn't close this one
CVE-2026-42945 NGINX rewrite module heap buffer overflow: bug mechanism, exploit primitives, MITRE mapping, and EDR telemetry blind spots in worker exploitation.
CVE-2026-31337: Dirty Frag roots every major distro
Technical analysis of CVE-2026-31337 'Dirty Frag': a Linux kernel UAF in IP fragment reassembly giving local root across major distros.