security researcher

hi, i'm r00t26.
i break things
and write about it.

Security engineer · security researcher. I document my findings, build open-source tools, and share writeups.

⚑ writeups ⚙ my tools

bash — r00t26@kali

~/$ whoami

security engineer · researcher · perpetual tinkerer

~/$ cat interests.txt

web exploitation, network exploitation, reverse engineering, osint

~/$ ls -la ./certs

Security+, Pentest+, CEH, CISSP

~/$ _

recent writeups

5 total view all →

Pwning the Protector — CVE-2025-69258

A breakdown of CVE-2025-69258, an unauthenticated RCE vulnerability in Trend Micro Apex Central c...

CVE Breakdown Jan 2026

React2Shell — CVE-2025-55182

A breakdown of CVE-2025-55182, a CVSS 10.0 unauthenticated RCE vulnerability.

CVE Breakdown Dec 2025

WSUS RCE — CVE-2025-59287

A breakdown of CVE-2025-59287, a CVSS 9.8 unauthenticated RCE vulnerability in Windows Server Upd...

CVE Breakdown Nov 2025

SQL Injection to RCE

Exploiting a blind SQL injection vulnerability to leak credentials, then chaining it with a file ...

PicoCTF 2024 Mar 2024

SQL Injection to RCE

Exploiting a blind SQL injection vulnerability to leak credentials, then chaining it with a file ...

PicoCTF 2024 Mar 2024

tools

2 total view all →

Async port knocking tool with post-knock scanning and banner grabbing.

Python github ↗

A simple CLI based utility that can check the reputation of IPs using the AbuseIPDB API.

Python github ↗

latest posts

2025-01-04 The Fundamentals of Hashing
cryptography hashing
2025-01-03 Transmission Control Protocol (TCP)
networking tcp
2025-01-02 Simple Network Management Protocol (SNMP)
networking snmp
2025-01-01 Domain Name System (DNS)
networking dns
2024-01-20 Understanding JWT Algorithm Confusion Attacks
web jwt