a hacker at heart, a builder by practice, and a mentor by purpose. As co-founder of PRODAFT, I’ve spent the last two decades in vulnerability research and security product engineering.

Latests Blog Posts

Jan 1, 2026

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance

It was May 2024, and our internal security team was evaluating the LogPoint SIEM/SOAR platform to replace our existing platform,…
Read the story
Dec 15, 2025

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)

It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution.…
Read the story
Nov 7, 2025

The Chessboard of Security: Insights on Product Development and Vulnerabilities from a Hacker Perspective

I was playing a quick game of chess while waiting for my coffee this morning. I had the white pieces…
Read the story

View all posts →

Disclosed Vulnerabilities

I’ve been in the vulnerability research field since 2004. Over the years, I’ve discovered and responsibly disclosed more than 300 vulnerabilities across a wide range of products and vendors. At this point, it’s almost impossible to keep track of all the CVE numbers I’ve accumulated — but I keep a personal index here.

Latest disclosed CVEs: