notes & write-ups

A deep-dive into the most common JWT implementation mistakes I encounter during engagements — algorithm confusion attacks, weak secrets, and missing validation.

How I dissected an undocumented binary protocol from a smart home device using Ghidra and Wireshark, ultimately finding an unauthenticated RCE.

Breaking down the physics of sub-bass, why key detection matters, and the workflow I use to tune 808s so they sit perfectly in a mix.

Full write-up for the HackTheBox CyberMonster challenge — format string exploitation chained with a weak ECDSA nonce to achieve full system compromise.

You don't need a CISO or a threat model doc the size of a novel. Here's a practical, lightweight approach for small teams that actually want to ship securely.

How I use granular synthesis to build the kind of unsettling, textured pads that underpin most of my darker productions — tools, techniques, and examples.