• Mintty NTLM Leak - CVE-2023-50627

    stat - a menace. Maybe not to us folks in Linuxembourg, but to the citizens of Windonesia - traitorous.

  • npm search RCE? - Escape Sequence Injection

    How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not.

  • It's not a Feature, It's a Vulnerability

    It takes a special kind of person to name a company after their own body part. Fortunately the Microsoft Security Response Center doesn’t seem to have inherited that kind of mentality, because when I reported not a bug but a feature as a vulnerability - they accepted it.

  • From Terminal Output to Arbitrary Remote Code Execution

    It was the year of the Linux desktop 1978. Old yellowed computers were not yet old, nor yellowed. Digital Equipment Corporation released the first popular terminal to support a standardized in-band encoding for control functions, the VT100.