An old finding from 2019; the CVE was requested in 2020, approved by MITRE in August 2023, and sat in RESERVED state since. I was busy with life and didn't get around to writing it, doing the responsible disclosure now.

A short writeup for an old CVE I was credited on during my time at Sompo. I held onto this draft for a while due to life and NDA.

Been a long, long time since I last touched CTFs. It wasn't any official team by any means, so I had to do multiple categories by myself in the few hours limited weekend time I had for the CTF.

While bug hunting, I stumbled upon an open source repository which had been the cause of several of my bug bounty reports. This post goes into the details.

I tried to reverse engineer my favourite piano application and discovered a weird interaction which leads to a persistent crash. As the developer is still working on the patch, I will not disclose any exploit details for now.

I debated doing a writeup for this since I only worked on the easiest web challenge with my team, but since this blog needed an update I am publishing it. I solved miniblog++ after the CTF as a teammate solved it during it.