A detailed walkthrough of implementing the DEF CON 31 NoFilter WFP technique as an OPSEC-hardened Havoc C2 BOF, including indirect syscalls, return address spoofing, patchless AMSI/ETW bypass, and lessons learned from Havoc BOF development.

BTstack, libcoap, and miniupnpd are three entirely different protocol stacks — Bluetooth, CoAP, and UPnP — with nothing obvious in common. Yet systematic analysis surfaces the same class of memory safety failure across all three. This post examines the structural reasons why adjacent-network protocol implementations — those reachable only from the same local network or Bluetooth range — are a consistent source of these issues.

A walkthrough of DLL sideloading vulnerabilities found across several widely deployed Windows applications, and why this straightforward class of bug continues to matter in practice.

WordPress's AJAX hook system structurally decouples registration from authorization — and that single design decision is why Missing Authorization accounts for 73% of unauthenticated plugin vulnerabilities.

How I discovered CVE-2026-25075 — a vulnerability that had been quietly sitting in strongSwan's codebase since 2011 — using a structured, multi-pass AI analysis workflow.