8 February 2024

Java applet + serialization in 2024! What could go wrong?

Recently, during a red team engagement […]

11 January 2024

A collection of weggli patterns for C/C++ vulnerability research

“No one cares about the old […]

30 November 2023

DevSecCon Italy video

Hi! Yesterday I spoke at DevSecCon […]

28 November 2023

Big update to my Semgrep C/C++ ruleset

“The attack surface is the vulnerability. […]

7 November 2023

OST2, Zephyr RTOS, and a bunch of CVEs

“When hackers tell me it’s so […]

24 October 2023

Customizing Sliver – Part 3

In this third and final post […]

24 October 2023

Customizing Sliver – Part 2

Hello! This is the second part […]

24 October 2023

Customizing Sliver – Part 1

Lately I’ve been conducting research into […]

30 August 2023

Extending Burp Suite for fun and profit – The Montoya way – Part 4

Setting up the environment + Hello […]

19 July 2023

Extending Burp Suite for fun and profit – The Montoya way – Part 3

Setting up the environment + Hello […]

5 July 2023

Extending Burp Suite for fun and profit – The Montoya way – Part 2

Setting up the environment + Hello […]

5 July 2023

Extending Burp Suite for fun and profit – The Montoya way – Part 1

-> Setting up the environment + […]