- TPM Fault Injection (03 Sep 2025)
- Point is not on the required curve! (03 Sep 2025)
- A Methodology for Security Requirement Engineering (04 Apr 2025)
- Preemptive scheduling on 16-bit real-mode OS? (27 Sep 2022)
- Algorithm for Constructing Grammar Graph (Fuzzing) (24 May 2022)
- Authorization on Linux local IPC using SO_PEERCRED (21 May 2022)
- Rethinking SETUID root, Historical Approaches to Least Privilege (01 Feb 2022)
- Why setgid to nobody? (17 Dec 2021)
- The Confused Deputy and Capability Systems (22 Nov 2021)
- What is PR_SET_CHILD_SUBREAPER and how is it related to double-forked daemons? (17 Nov 2021)
- Reducing Code Coverage Overhead using "Disposable Probes" (Fuzzing) (21 Mar 2018)
- Improving Coverage Guided Fuzzing Using Simple Static Analysis (01 May 2017)
- Fuzzing and Instrumenting Windows Kernel (27 Apr 2017)
- Write up for Iranian Society of Cryptology CTF (08 Sep 2015)
- Defeating Windows Kernel Driver Signing Enforcement, Not That Hard! (04 Nov 2012)
- Pwnypot HoneyClient (25 Sep 2012)
- Windows Kernel Intel x64 SYSRET Vulnerability + Code Signing Bypass Bonus (25 Aug 2012)
- Bypassing EMET 3.5's ROP Mitigations (08 Aug 2012)