Things I build, break, fix, and write about

8 July 2026
Local DNS proxy now preserves DNSSEC records

Cloudflare One Client for Windows now leaves DNSSEC records alone, which is exactly the sort of change I like, because it stops the client quietly meddling with answers. I have seen enough broken name resolution to know that a neat tunnel can still hide a messy DNS state.

8 July 2026
Cloudflare One Client for macOS DNS search suffixes

Cloudflare One Client for macOS can make a short hostname behave very differently, and most of the pain sits in the suffix list rather than DNS itself...

7 July 2026
Tracing acme.sh certificate handling in TLS interception

I spent too long chasing the neat version of TLS wiretapping reconstruction, then found the mess: shell parsing, token limits, and renewal timing. The...

7 July 2026
Reverse engineering game binaries with static analysis

Game binaries give up more than they should, if you know where to look. I start with binary analysis, not the folklore around the game, then use...

Latest blog posts you might like

6 June 2026
IIS server monitoring for BadIIS redirects

BadIIS is the sort of mess that hides in plain sight, because the site still loads while visitors are quietly sent elsewhere. I look for odd IIS log patterns, stray build artefacts, and service...

6 June 2026
Patching OpenVPN 2.6.x and 2.8_git

OpenVPN vulnerabilities are tedious until they are not; this one lives in the handshake path, so a crafted packet can knock the process over before you have even noticed the client has connected. I...

5 June 2026
GitHub file access through compromised development tools

A third-party development software compromise does not need to reach production to hurt. If a tool can read GitHub files, it can still expose source code, secrets, and enough context to make the next...

5 June 2026
Kernel ring-buffer drops in Inspektor Gadget

Inspektor Gadget is only useful if I can trust the trace, and a full kernel ring-buffer makes that harder than it ought to be. Once events start dropping, the neat output is lying by omission, which...

4 June 2026
Patch diffing Adobe Acrobat PDF prototype pollution

Adobe Acrobat PDF prototype pollution is one of those bugs that only looks neat after the fact. The diff shows three separate failures, and the ugly bit is how ordinary object lookup, trusted...

4 June 2026
Human-led AI-assisted pentesting and review limits

AI-assisted pentesting is useful in the boring middle, where it can sort noise, group candidates, and keep a large target set moving. The trouble starts when it sounds certain about nonsense, so I...

3 June 2026
F_SETPIPE_SZ and soft page quota effects

Soft page quota effects are easy to miss, until a pipe that should be 65536 bytes turns up at 8192 and your spray no longer lands where you expected. I have seen pipe_buffer capacity limits quietly...

3 June 2026
Public GitHub leaked AWS GovCloud credentials

A public GitHub repository should not have been holding AWS GovCloud credentials, yet there they were, alongside backups, passwords and internal deployment files. I spent too long on the dull bit,...

2 June 2026
Audit RFI history offline with CSV export

Cloudflare Security Center CSV export is one of those dull features that matters once you need a clean paper trail. I prefer the file on disk, where I can sort it, cross-check it, and stop relying on...

2 June 2026
React Server Components DoS patterns and WAF limits

Some Next.js Server Components vulnerabilities are crude enough for a WAF to catch, but the awkward ones sit in routing, cache behaviour, and middleware. I prefer patching first, because a broad block...