Shahriyar Jalayeri
oldblog
Reducing Code Coverage Overhead using "Disposable Probes" (Fuzzing) - 21 Mar 2018
Improving Coverage Guided Fuzzing Using Simple Static Analysis - 01 May 2017
Fuzzing and Instrumenting Windows Kernel - 27 Apr 2017
Write up for Iranian Society of Cryptology CTF - 08 Sep 2015
Defeating Windows Kernel Driver Signing Enforcement, Not That Hard! - 04 Nov 2012
Pwnypot HoneyClient - 25 Sep 2012
Windows Kernel Intel x64 SYSRET Vulnerability + Code Signing Bypass Bonus - 25 Aug 2012
Bypassing EMET 3.5's ROP Mitigations - 08 Aug 2012
exploiting
Defeating Windows Kernel Driver Signing Enforcement, Not That Hard! - 04 Nov 2012
Pwnypot HoneyClient - 25 Sep 2012
Windows Kernel Intel x64 SYSRET Vulnerability + Code Signing Bypass Bonus - 25 Aug 2012
Bypassing EMET 3.5's ROP Mitigations - 08 Aug 2012
re
Write up for Iranian Society of Cryptology CTF - 08 Sep 2015
fuzzing
Algorithm for Constructing Grammar Graph (Fuzzing) - 24 May 2022
Reducing Code Coverage Overhead using "Disposable Probes" (Fuzzing) - 21 Mar 2018
Improving Coverage Guided Fuzzing Using Simple Static Analysis - 01 May 2017
Fuzzing and Instrumenting Windows Kernel - 27 Apr 2017
unix
Authorization on Linux local IPC using SO_PEERCRED - 21 May 2022
Rethinking SETUID root, Historical Approaches to Least Privilege - 01 Feb 2022
Why setgid to nobody? - 17 Dec 2021
The Confused Deputy and Capability Systems - 22 Nov 2021
What is PR_SET_CHILD_SUBREAPER and how is it related to double-forked daemons? - 17 Nov 2021
caps
Rethinking SETUID root, Historical Approaches to Least Privilege - 01 Feb 2022
The Confused Deputy and Capability Systems - 22 Nov 2021
os
Preemptive scheduling on 16-bit real-mode os? - 27 Sep 2022
sec-process
A Methodology for Security Requirement Engineering - 04 Apr 2025
tpm
TPM Fault Injection - 03 Sep 2025
Point is not on the required curve! - 03 Sep 2025