Stan Shaw

I’m an independent security researcher focused on vulnerability discovery in widely deployed infrastructure: operating system kernels, hypervisors, and language runtimes. My public work includes a SQL injection in the Django ORM (CVE-2025-64459), a use-after-free in CPython’s perf_trampoline (Issue #143228), and a guest-to-host escape chain in QEMU’s CXL Type 3 mailbox emulation (writeup). Additional findings in kernel and confidential-computing targets are under coordinated disclosure and will be published here after patches ship.

I’m currently reading Cyber Security at the University of Warwick.

Writing

2026 · Guest-to-host escape via QEMU CXL Type 3 mailbox overflows
Three bugs in QEMU’s CXL mailbox emulation chain into a deterministic VM escape with full ASLR bypass in four mailbox commands. Reported to qemu-security; classified as non-security per CXL policy scope.

2026 · Hunting concurrency bugs: a race condition in CPython’s perf_trampoline
Use-after-free in CPython’s profiler trampoline teardown. Reported as Issue #143228; fixed via arena refcounting in 3.13/3.14.

2025 · SQL injection in the Django ORM (CVE-2025-64459)
Unsafe string formatting of the Q object connector allows injection into WHERE clauses via Q(**user_input). Fixed in Django 5.1.14, 4.2.26, and 5.2.8.
