Stay Informed. Stay Ahead.

AI, Cybersecurity, Software Engineering and Beyond.

Latest Posts

Breaking Memory Safety in the Heap Arena

In my previous post, I provided an extensive analysis of the memory allocator used by the GNU C library. In this post, I’ll show how weaknesses in the glibc heap allocator design can be abused to turn memory errors like buffer overflows (spatial defects) or use-after-free bugs (temporal errors)

Cracking Userland Memory Defects (Stack)

This post discusses memory defects at the stack level, covering different stack exploitation techniques and how they are mitigated in modern environments. If you are interested in heap exploitation, see my other post, which introduces heap-based attacks and explains how memory allocators can be abused to achieve successful heap exploitation.

Glibc Heap Internals

Memory defects such as buffer overflows, double frees, and use-after-free remain a leading cause of security vulnerabilities in low-level programming languages like C and C++.  Contemporary heap exploits differ significantly from stack-based attacks. Exploiting heap defects requires more than just triggering a bug, it demands a deep understanding of the

The Model Context Protocol (MCP): Unified Approach To Building Agentic AI systems

Whether you are an AI engineer or working on workflow automation, you probably know how much attention the MCP or Model Context Protocol has attracted recently; thanks to the AI hype cycle. Since its introduction by Anthropic, it has gained real momentum, supported by a vibrant community ecosystem with thousands

You See Me, Now You Don't: BPF Map Attacks via Privileged File Descriptor Hijacking

While diving into BPF internals, I discovered certain types of attacks that can be used to mess with the internals of security solutions relying on BPF for prevention and detection. Specifically, an attacker could silently disable the delivery and execution of BPF programs, by stealing a file descriptor and completely

Parquet Under Fire: A Technical Analysis of CVE-2025-30065

Last week, a vulnerability in Apache Parquet’s Java library CVE-2025-30065 was published, carrying a CVSS score of 10.0. Parquet is widely used in modern data pipelines and analytics systems, including technologies like Apache Spark, Trino, Iceberg, etc. As a result, a malicious actor who is able to deliver

Sequencing the Invisible: System Behavioral Modeling from Sequence-Based Approaches to Provenance Graphs

During the last few months, I spent a significant amount of time reviewing system modeling literature and exploring the current advancements in this area of research. Specifically, my goal was to apply advanced machine learning including deep learning techniques to efficiently represent system events in a euclidean space and detect

Unraveling eBPF Ring Buffers

The goal of this post is to provide an in-depth discussion of BPF ring buffers, covering their internals, including memory allocation, user-space mapping, locking mechanisms, and efficient data sharing with user-land processes. This article is quite detailed, and I understand that some of you may not want to spend minutes

On the Complexity of Synchronization: Memory Barriers, Locks, and Scalability

Writing performant, portable, and correct parallel programs in multiprocessor systems or SMP, where each processor may load and store to a single shared address space, is not trivial. Programmers must be aware of the underlying memory semantics, i.e. the system optimizations performed by the clever beast hardware or cpu.

Popular Tags