Blog

thoughts, research, and writeups

From Exploitation to Education: Building Secure Coding Challenges for Real-World Impact

July 29, 2025

TL;DR As a security engineer, I regularly work with real-world vulnerabilities in web, mobile, and API systems. Alongside that, I also design secur...

My First CVE: Remote Code Execution in Backdrop CMS (CVE-2019-19902)

July 26, 2025

TL;DR In 2019, I discovered a critical Remote Code Execution (RCE) vulnerability in Backdrop CMS v1.13.3, stemming from an insecure configuration i...