~/blog

Blog

thoughts, research, and writeups

From Hospital Pentest to Cisco Advisory: A Reflected XSS in Cisco IOS XE

September 25, 2025

TL;DR During a hospital security assessment, we discovered a reflected XSS vulnerability in Cisco IOS XE Web UI. The issue identified as CVE-2025-2...

Exploiting JWT Misconfigurations in Real-World Applications

August 16, 2025

TL;DR While performing AppSec reviews on our internal products, I repeatedly encountered JWT implementations with subtle but critical misconfigurat...

From Exploitation to Education: Building Secure Coding Challenges for Real-World Impact

July 29, 2025

TL;DR As a security engineer, I regularly work with real-world vulnerabilities in web, mobile, and API systems. Alongside that, I also design secur...

My First CVE: Remote Code Execution in Backdrop CMS (CVE-2019-19902)

July 26, 2025

TL;DR In 2019, I discovered a critical Remote Code Execution (RCE) vulnerability in Backdrop CMS v1.13.3, stemming from an insecure configuration i...
currently online
made with ♥ by claude.ai