This is my personal blog. Here, I write about things that scratch that one part of my brain. Those itches usually come from security-related topics I encounter during work or in my spare time. Some of my opinions might also find their way onto this site.

For a living, I dig for vulnerabilities in desktop, server, and web applications, as well as audit Microslop-dominated environments. Occasionally, I also roleplay as developer for internal tooling.
You can find me lurking and rarely posting on:
Some vulnerabilities I found got assigned a CVE:
- CVE-2026-1717↗: Lenovo Vantage - Arbitrary Process Kill
- CVE-2026-1716↗: Lenovo Vantage - Arbitrary Registry Delete
- CVE-2026-1715↗: Lenovo Vantage - Arbitrary Registry Write (LPE)
- CVE-2025-13154↗: Lenovo Vantage - Arbitrary File Delete (LPE)
- CVE-2025-0425↗: Cordaware bestinformed Infoclient - LPE
- CVE-2025-0424↗: Cordaware bestinformed Web - Multiple Authenticated XSS
- CVE-2025-0423↗: Cordaware bestinformed Web - Multiple Unauthenticated XSS
- CVE-2025-0422↗: Cordaware bestinformed Web - Authenticated RCE
- CVE-2024-9044↗: EasyTax AG - XXE
- CVE-2024-8602↗: SSK eCH-0196 taxstatement.jar - XXE
- CVE-2022-40799↗: D-Link DNR-322L - Authenticated RCE