Phrack 72 article and WHY2025 conference talk
Hi, I am a security researcher and tinkerer from the Netherlands. I work at Codean Labs as lead security analyst.
This site forms a collection of things I built/broke/tinkered with, generally in the areas of security, software development and a bit of electronics.
Use the tags to filter content, primarily hack (security-related) and make (development).
A logical vulnerability in OpenPGP.js, allowing for spoofed signatures using a crafted PGP packet sequence
Two vulnerabilities in LibreOffice allowing semi-arbitrary file read/write and env var leakage
A fully playable Tetris game embedded in a PDF file, using JavaScript and PDF form fields.
A bunch of bugs in Ghostscript, including a classic format string vulnerability leading to RCE
A bug in PDF.js (and Firefox) with widespread XSS consequences
Designing and hand-assembling a homemade mechanical keyboard with custom PCBs
Replacing a Gameboy Color's crystal oscillator with a Pi Pico to overclock it to dynamic frequencies.
Write-up on several bugs in Feathers.js, Sequelize, and Socket.IO relating to type confusion and incorrect interop assumptions
Hacking the Verifone VX820 payment terminal to run Doom and more.
Eternal side-project: an emulator for the original GameBoy
Exploiting a remotely-triggerable stack-based buffer overflow vulnerability on a Zyxel VMG8825-T50 router.
Finding and chaining multiple vulnerabilities to get root access on a Zyxel VMG8825-T50 router.
Implementing recursive portal rendering in an OpenGL engine with clever stencil buffer usage.
An AI (in the gamedev sense) that plays Tetris Friends by reading screen pixels and sending simulated keystrokes via X11.