It was May 2024, and our internal security team was evaluating the LogPoint SIEM/SOAR platform to replace our existing platform, potentially. As part of a habit I’ve built over the years —and honestly, part of our 3rd party due diligence— I gave myself 24 hours to do what I always do with any technology we’re about to trust: try to break it.

Those 24 hours were enough to uncover three serious vulnerabilities almost immediately. Given their impact, I stopped there and proceeded directly to responsible disclosure.

Months later, with time finally on my side, I came back not to look for more bugs but to better understand the system. That second look revealed something far more interesting: how small, seemingly independent 6 bugs could coalesce into a much larger problem.

This article tells that story. It follows a hacker human’s reasoning as it navigates unfamiliar code, undocumented behavior, and assumptions never meant to be tested. Along the way, it includes wrong turns and dead ends, but also the moments where something subtle feels off and careful inspection turns that feeling into a concrete finding.

I hope you’ll enjoy the journey as much as I did. Happy New Year to everyone 🎊🥳