Everything I’ve published,
in one feed.
7 posts across writeups, research, and technical deep-dives.
Semgrep Architecture: Comprehensive Reference
A deep technical reference on how Semgrep works internally - from CLI entry-point and target discovery, through parsing, AST normalisation, pattern matching and taint dataflow analysis, to output formatting.
Une nuit pour hacker 2026: Thread of Doom
Executive Summary. Challenge: Thread of Doom. Category: Reverse Engineering. Flags: NHK26{VirtualProtect_Overwritten}. Binary: NHK_CrackMe_V3.exe (PE32, x86, 43520 …
Enketo 6.2.1 - Auth-Bypass, SSRF, and XXE Browser Abuse to File Read
This article is the result of an OffenSkill Training. It discusses an unauthenticated arbitrary file read vulnerability found in Enketo, a web survey manager. The vulnerability, found during a white-box code review session, allows an unauthenticated attacker to read any file on the server by chaining an auth bypass, SSRF, XXE in SVG, and browser abuses.
Amazon AppSec CTF: HalCrypto
Executive Summary. Challenge: HalCrypto. Category: Web Security. Vulnerability: JWT validation bypass via URL confusion with @ symbol. Impact: Authentication bypass …
Amazon AppSec CTF: PageOneHTML
Executive Summary. Challenge: PageOneHTML. Category: Web Security. Vulnerability: Server-Side Request Forgery (SSRF) via gopher:// protocol. Impact: Access to …
Understanding Code Property Graphs
When I first started developing tools for source code auditing, my primary need was to track tainted data flows through complex codebases during manual code …
Code auditing 101
Topics covered. This post explores the evolution from manual code review to automated security testing, covering: The reality of manual code review and its …