Prompt injection is a class of attacks where an adversary embeds malicious instructions into content that an LLM will process. As LLMs increasingly gain the ability to take complex autonomous actio...

TL;DR: JavaScript engines are fascinating and challenging from a security perspective due to their exposure to malicious code, memory corruption risks, frequent vulnerabilities, and exploit-friendl...

I have recently published a blogpost showing some of the work I have done during my internship at Quarkslab. The blogpost can be found here.

Recently as part of a small project I have been wondering what is the most efficient data structure for implementing associative arrays when symbolic keys are involved. An associative array is a ...

The THS (or Twente Hacking Squad) is the academic CTF team of the University of Twente in the Netherlands. This is also the university where I spent my first year of MSc. Time passes fast and my f...

Some time ago RHme3 qualifiers were ending. The challenges were very interesting to do and some of them particularly frustrating (yes whitebox crypto, I’m talking about you). Luckily I was able t...

The Exploitation challenge was the first of the three RHme3 qualification challenges that I manage to solve. As one would expect this was the challs that was solved the most, probably because the m...

Pwntools is a cool and useful framework/library for writing exploits. It comes with an handy built-in method for launching a gdb instance and attaching the target process to it. But, what if we wo...

Among the many features offered by the famous scanner nmap there is also a script to identify open relays (link here). If passed with the option --script to nmap this script will determine if an e...

Linked lists are the bread and butter of programmers. Even if you are not aware of that, your program is probably using this data type somewhere. Linked lists come in many flavors: simples, circul...