home

Yet another personal blog. ✍️ I write here mainly to improve at writing. This consists in writing more often and avoiding procrastination by publishing even draft versions of blog posts, then iterating. So if a recent post looks incomplete, come back later.

• mastodon
• github
• email

• client-supplied server-run javascript again 2024-06-12
  Exploiting an outdated webkit version in wkhtmltopdf.
• when ruby's public_send method is an oddly named eval 2024-04-11
  Finding an RCE in a ruby framework called StimulusReflex.
• padding oracles in the sky with diamonds 2024-03-17
  Finding a padding oracle in a SCEP implementation.
• weakhash the poor man's way or how to save a memory constant on specific meet-in-the-middle type attacks 2020-09-24
  Using bit-sized table entries to solve a ctf task on cheap hardware.