Neural networks are trained to learn patterns, but sometimes they learn a bit too well. Under the right conditions, ML models can memorize specific samples from their training data, and spit them b...

Update: 12 May 2026 I have just released Prompt Injection Defence Atlas, a taxonomy of defences against prompt injection. It includes and summarizes most of the available literature to date. Y...

TL;DR: JavaScript engines are fascinating and challenging from a security perspective due to their exposure to malicious code, memory corruption risks, frequent vulnerabilities, and exploit-friendl...

I have recently published a blogpost showing some of the work I have done during my internship at Quarkslab. The blogpost can be found here.

Recently as part of a small project I have been wondering what is the most efficient data structure for implementing associative arrays when symbolic keys are involved. An associative array is a ...

The THS (or Twente Hacking Squad) is the academic CTF team of the University of Twente in the Netherlands. This is also the university where I spent my first year of MSc. Time passes fast and my f...

Some time ago RHme3 qualifiers were ending. The challenges were very interesting to do and some of them particularly frustrating (yes whitebox crypto, I’m talking about you). Luckily I was able t...

The Exploitation challenge was the first of the three RHme3 qualification challenges that I manage to solve. As one would expect this was the challs that was solved the most, probably because the m...

Pwntools is a cool and useful framework/library for writing exploits. It comes with an handy built-in method for launching a gdb instance and attaching the target process to it. But, what if we wo...

Among the many features offered by the famous scanner nmap there is also a script to identify open relays (link here). If passed with the option --script to nmap this script will determine if an e...