Incredibly excited to share that my research 'Playing with HTTP/2 CONNECT' made the final @portswigger.net Top 10 Web Hacking Techniques of 2025! A huge thank you to everyone who voted. It’s a privilege to be featured alongside such talented researchers. portswigger.net/research/top...

You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...

Honored to be nominated for the @portswigger.net Top 10 Web Hacking Techniques 2025 with my research "Playing with HTTP/2 CONNECT". Make sure to check out the full list and cast your vote! portswigger.net/polls/top-10...

We always love a good challenge. That’s why we’re sponsoring the 10th FAUST CTF. Game on at 2025.faustctf.net

Just pushed a new frontend for my site, and a new post! This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring: jorianwoltjer.com/blog/p/resea...

One-Click RCE in ASUS’s Preinstalled Driver Software mrbruh.com/asusdriverhub/

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-...

My blog post on some vulns in GFI MailEssentials frycos.github.io/vulns4free/2...

Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/...