About

Security engineer with 15 years in the field. My work spans software security assessments, cryptology research, penetration testing, and teaching security at university level.

This blog exists because some findings are too interesting — or too absurd — to keep in a private notebook. Expect writeups on real-world vulnerabilities, cryptographic curiosities, PoC exploits, and the occasional opinion on where the industry is heading.

What I do

  • Security assessments — code audits, architecture reviews, threat modelling across a range of stacks and industries
  • Cryptology — protocol analysis, implementation flaws, the gap between the math and the code
  • Penetration testing — web, network, and application layer; red team engagements
  • Teaching — university-level security courses; the goal is students who think, not just students who run tools

What you’ll find here

  • Vulnerability research and PoC demonstrations
  • Cryptographic deep-dives — both attacks and design decisions
  • CTF writeups when something is worth explaining
  • Observations from assessments (anonymised and responsibly disclosed)
  • Opinions on security engineering, tooling, and practice

Contact

For responsible disclosure, research collaboration, or just to argue about cryptographic primitives, reach out via email. PGP preferred for sensitive topics.