A full walkthrough of a DLL sideloading vulnerability found in the Claude for Windows installer, from discovery through proof-of-concept to patch — and why this straightforward class of bug continues to matter in practice.

How the same AI analysis workflow that found a zero-day in strongSwan discovered a 9-year-old heap buffer overflow in BusyBox's DHCPv6 client — plus a full walkthrough of the proof-of-concept development process.

A walkthrough of building CoughDrop, an OPSEC-hardened COFF loader that achieves zero IOCs against Moneta and PE-Sieve through 19 hardening techniques including Module Shifting, indirect syscalls, and PEB-based API resolution.

A detailed walkthrough of implementing the DEF CON 31 NoFilter WFP technique as an OPSEC-hardened Havoc C2 BOF, including indirect syscalls, return address spoofing, patchless AMSI/ETW bypass, and lessons learned from Havoc BOF development.

WordPress's AJAX hook system structurally decouples registration from authorization — and that single design decision is why Missing Authorization accounts for 73% of unauthenticated plugin vulnerabilities.

How I discovered CVE-2026-25075 — a vulnerability that had been quietly sitting in strongSwan's codebase since 2011 — using a structured, multi-pass AI analysis workflow.