“Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel” yanglingxi1993.github.io/dirty_pagetabl… We succeeded in exploiting CVE-2023-21400 on Google pixel 7 with Dirty Pagetable. And we also pushed the exploitation of file UAF and pid UAF to the next level with Dirty Pagetable!

Excellent thread reviewing Romania's academic olympiad/competition situation and its absurdity. Bulgarian education shares the same problem.

And now it's official. I will compete at the European Cyber Security Challenge as part of the Bulgarian National Cyber Team!

CTF Player vs Bug Bounty Hunter

Finished a write-up of a vulnerability in the io_uring subsystem of the Linux Kernel. This one is interesting because it gives you an incredibly powerful primitive - a multipage-wide OOB read and write to physical memory. anatomic.rip/cve-2023-2598/

I have nothing technical to add so I made a meme instead (1/2)

"Why does everyone keep telling me to use c++?"

I won Cyber Security Challenge Bulgaria :)

This past weekend I gave my first talk at BSides Sofia. It was on modern Linux rootkits - stealth and evading EDR/XDR. Cool techniques, real-time demo, all the good stuff. It was quite the experience for sure and I was happy to see how well received it was :)

🎉 20! It was a happy trip around the Sun, I am incredibly grateful for the luck and the people in my life :)

Aptos' Fungible Asset model aims to improve security and flexibility over the legacy Coin standard. But does it eliminate all risks? In our latest blog, we analyze its design, security implications, and hidden vulnerabilities. Full breakdown → osec.io/blog/2025-02-1…

in light of the recent Bybit hack, what can Solana teams do to be more secure? Solana has a unique signature model, that is arguably safer for multisigs. I wrote a quick post exploring this model, proposing a procedure for safe signing. osec.io/blog/2025-02-2…

you can still do this by the way