Research

Please Do Not Hack Me - The Tale of a TeamSpeak Use-After-Free

A walkthrough of the root-cause analysis behind the TeamSpeak 3 server use-after-free, and why reliable RCE turned out not to be possible. ...

June 3, 2026 · 1 min · 28 words · born0monday

No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE

Following a previous post on ARM exploitation, this post walks through extracting and analyzing modern IoT firmware to discover a previously unknown vulnerability. We then construct an ARM ROP chain that bypasses ASLR without an address leak to achieve unauthenticated RCE. ...

November 10, 2025 · 1 min · 47 words · born0monday

ROPing our way to RCE

From vulnerability to exploit - this post explores the journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http. ...

February 7, 2025 · 1 min · 29 words · born0monday

Exploring CVE-2023-2163: My Intro to Kernel Hacking

Ever since I got into security, kernel exploitation has fascinated me. So for my bachelor’s thesis, I finally decided to take a first dive into this deep and complex field - one that always seems to have more layers to uncover. ...

December 30, 2024 · 1 min · 211 words · born0monday

Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses to gain RCE

As part of a security research, my collegue parzel and I examined the commercial and open source spam filter appliance MailCleaner. It turned out that the software was not fully aware of the flexibility offered by email address specifications, and as a result, we found an RCE that could be triggered by sending a malicious email. ...

June 7, 2024 · 1 min · 62 words · born0monday