This section contains:

  • The things that interest me
  • security notes
  • tooling breakdowns
  • random things I learned the hard way

Most posts are practical, minimal, and focused on how and why, not fluff.

Bleeding Lama CVE-2026-7482

What is ollama Ollama is a tool used to run large language models locally. Instead of relying on cloud providers, developers can download and run models like Llama, Mistral, Gemma, and others directly on their own systems. It exposes an API server that allows applications to: load AI models, generate responses, create custom models, and share or push models to remote registries. Its API is a local HTTP REST API, usually running on:
[Read more]

Python Tar Path Traversal with Symlink Exploitation

Executive Summary Archive extraction is one of the most trusted operations in modern computing. From package managers to backup systems, we routinely extract TAR files without a second thought. But what happens when the archive itself is malicious? This analysis examines a how archive traversal technique uses deeply nested directory structures and symbolic link chains to bypass validation mechanisms and write files outside the intended extraction directory. By understanding how path resolution works at the filesystem level, we can see why simple validation fails and how attackers exploit this gap.
[Read more]

How Iran Shut Down the Internet: A Technical Analysis of Centralized Network Control

Disclaimer: This article is written from a purely technical perspective to educate readers about internet infrastructure and network architecture. I have no political affiliation and seeks only to examine the technical mechanisms that enabled Iran’s 2026 internet shutdown. Introduction On January 8, 2026, at 8:00 PM Iran Standard Time, approximately 92 million Iranian citizens were suddenly disconnected from the global internet. This shutdown, which began during the twelfth day of nationwide protests, represented one of the most extensive and sophisticated internet blackouts ever recorded Wikipedia Georgia Tech News.
[Read more]

How Password Storage Fails: A Security Timeline Every Defender Should Know

Storing passwords safely is a really important part of running any website or app where people create accounts. When this is done badly, it has led to some of the biggest data leaks ever. Even years later, stolen passwords are still being reused by attackers to break into other accounts. Below are six common ways passwords have been handled over time, starting with the worst ideas and moving toward safer ones, explained in a simple way.
[Read more]

What Happens If You Import os on LeetCode?

Disclaimer: I do not promote hacking or abusing systems without permission. Everything shown here is purely for learning and experimentation. I was doing what I usually do solving problems on LeetCode using python when a random thought popped into my head: What if I import os and try to run something on the system? So I took a basic problem, Two Sum, solved it normally… and then added a tiny extra line at the end.
[Read more]