Technical writeups, exploit notes, and security research logs.
- Breaking Flyto's MCP Recipe Runner: A Path Traversal Vulnerability
- React2Shell: CVE-2025-55182 Technical Analysis
- Container Escape: From Enumeration to Host Root
- Breaking Authentication: Bcrypt Truncation & Email Normalization
- Exploiting Symlink Upload and Session Forgery
- Exploiting CVE-2025-29744: When Prepared Statements Aren't Safe