Things I build, break, fix, and write about

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use strings, imports, and control flow to separate real structure from guesswork, and that usually exposes the first lie fast.

6 July 2026
Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean...

6 July 2026
Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's...

6 July 2026
wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto...

Latest blog posts you might like

23 June 2026
Prototype pollution in Adobe Acrobat PDF code paths

Prototype pollution in Adobe Acrobat PDF code paths is not a neat edge case, it is what happens when privileged JavaScript trusts the wrong shape of data. I keep coming back to the same point,...

22 June 2026
Human-in-the-loop AI pentesting for exploit paths

AI pentesting is useful when it speeds up the grunt work and leaves judgement where it belongs. I care less about noisy findings than about whether a small mistake can be chained into a working path,...

22 June 2026
Formal verification boundaries in corecrypto

corecrypto formal verification is useful right up to the point where the code stops being plain C. I trust the proof more than the marketing, but only if the compiler output still looks like the model...

22 June 2026
Weekly Tech Digest | 22 Jun 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

21 June 2026
pipe_buffer tmp_page reuse in Linux kernel

tmp_page reuse sounds neat until you try to make it behave, and then the pipe accounting starts getting in the way. I have found the useful part is usually not the obvious corruption, but the ugly...

21 June 2026
GitHub exposure of AWS GovCloud credentials

Public repos are brilliant at preserving bad decisions, and AWS GovCloud credentials are exactly the sort of thing that should never survive a commit. Once they are out, the clean-up is only half the...

20 June 2026
Hardening consumer routers against botnet abuse

Consumer routers are still being dragged into IoT botnets because the easy mistakes never went away, default logins, exposed admin pages, and forgotten services. I would rather spend ten minutes...

20 June 2026
Rotating AWS GovCloud secrets after repo disclosure

AWS GovCloud credential leakage is not a tidy mistake, it is a time problem. Once a secret hits public GitHub, I treat revocation, search, and handoff as one job, because leaving even one copy alive...

19 June 2026
Checking Proxmox VE 9.2 cluster networking before upgrade

Before I touch Proxmox VE 9.2, I make the cluster prove itself under strain, because corosync, migration, and storage paths always fail in the places you skipped. A node that looks fine at idle can...

19 June 2026
Tracking false positives after managed rule merges

Cloudflare WAF rule merge changes more than a label, and I have seen neat alerting fall apart because the detection moved, not because the noise went away. If you are counting rule IDs, you may be...