Research

“Things aren’t different. Things are things.”

Research Interests

• Formal methods
• Fuzzing
• Embedded/IoT
• Firmware

Trophy Case

1. Django Allauth — Account Takeover via Provider Identifier Mutability (CVE-2025-65431)
2. KDE KIO — TOCTOU Race Condition LPE in kio-admin
3. VTK GLTF Loader — Memory Corruption:
   • CVE-2025-57107 — Heap Buffer Overflow
   • CVE-2025-57106 — Buffer Overflow
   • CVE-2025-57108 — Use-After-Free
   • CVE-2025-57109 — Use-After-Free