- Linux Kernel Vulnerability Lurking for ~20 Years (04 Oct 2025)
- Bell-LaPadula Model has a covert channel and nobody talks about it! (11 Sep 2025)
- dTPM is dead (10 Sep 2025)
- TPM Fault Injection (03 Sep 2025)
- Point is not on the required curve! (03 Sep 2025)
- A Methodology for Security Requirement Engineering (04 Apr 2025)
- Preemptive scheduling on 16-bit real-mode OS? (27 Sep 2022)
- Algorithm for Constructing Grammar Graph (Fuzzing) (24 May 2022)
- Authorization on Linux local IPC using SO_PEERCRED (21 May 2022)
- Rethinking SETUID root, Historical Approaches to Least Privilege (01 Feb 2022)
- Why setgid to nobody? (17 Dec 2021)
- The Confused Deputy and Capability Systems (22 Nov 2021)
- What is PR_SET_CHILD_SUBREAPER, How is it related to double-forked daemon? (17 Nov 2021)
- Optimizing LibFuzzer Mutator Selection with Multi-Armed Bandits (11 Nov 2019)
- Reducing Code Coverage Overhead using "Disposable Probes" (Fuzzing) (21 Mar 2018)
- Improving Coverage Guided Fuzzing Using Simple Static Analysis (01 May 2017)
- Fuzzing and Instrumenting Windows Kernel (27 Apr 2017)
- Write up for Iranian Society of Cryptology CTF (08 Sep 2015)
- Text Steganography In Farsi/Arabic Language (01 Feb 2015)
- Multiple Vulnerabilities in Padvish Antivirus Kernel Driver (27 Sep 2014)
- Noroi - Polymorphic Decoder Generator for Shellcodes (26 Mar 2014)
- Defeating Windows Kernel Driver Signing Enforcement (04 Nov 2012)
- Introducing Pwnypot - Detecting Drive-By-Download Zerodays (25 Sep 2012)
- Exploiting Windows Kernel/Intel x64 SYSRET Vulnerability (25 Aug 2012)
- Bypassing Award-Winning ($50k) EMET 3.5's ROP Mitigations (08 Aug 2012)