/* Home page - sections composed into the index */ const POSTS = [ { id: '04', title: 'You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)', sub: 'OOB heap write in io_uring zero-copy receive — from a small integer past a freelist to uid=0.', target: 'Linux 6.15 – 6.19 · io_uring ZCRX', date: '2026-05-06', state: 'disclosed', stateLabel: 'disclosed', href: 'post-zcrx.html', tags: ['linux', 'kernel', 'lpe', 'heap'], }, { id: '03', title: 'QuickJS - Heap-UAF in Atomics via ResizableArrayBuffer', sub: 'All 8 Atomics ops share a stale-pointer bug. valueOf() resizes the RAB, realloc moves it, write lands on freed memory.', target: 'bellard/quickjs master d7ae12a', date: '2026-04-25', state: 'disclosed', stateLabel: 'disclosed', href: 'post-quickjs.html', tags: ['quickjs', 'use-after-free', 'cve'], }, { id: '02', title: 'Trying to understand how Sublime Text works under the hood', sub: 'Reading the binary, naming the pieces, figuring out how plugins talk to the core.', target: 'Sublime Text Build 4200', date: '2026-04-01', state: 'learning', stateLabel: 'learning :)', href: 'post-sublime.html', tags: ['reversing', 'ida'], }, { id: '01', title: 'V8 12.4 - OOB Heap Write via Atomics.store on Float16Array', sub: 'A bounds check that runs before coercion - notes while the hypothesis is still forming.', target: 'V8 12.4.254.21 · Node.js 22 LTS', date: '2026-02-09', state: 'learning', stateLabel: 'learning :)', href: 'post-v8.html', tags: ['v8', 'browser'], }, ]; function Hero() { return (
@ze3ter § 00 / identity

Mohamed Salem Eddah

Security researcher. Always trying to go deeper, trying to develop my skills on building proof-of-concept exploit chains. I focus on analyzing attack surfaces and researching vulnerabilities in web applications, native software, and system-level components.

Trying to learn a new thing everyday.

x / @ze3ter_ · github / ze3tar · about →
); } function Digging() { // uptime counter from an arbitrary recent instant - purely visual "I'm currently on this" const start = React.useMemo(() => new Date('2026-05-06T00:00:00Z').getTime(), []); const [now, setNow] = React.useState(Date.now()); React.useEffect(() => { const t = setInterval(() => setNow(Date.now()), 1000); return () => clearInterval(t); }, []); const elapsed = Math.max(0, Math.floor((now - start) / 1000)); const d = Math.floor(elapsed / 86400); const h = Math.floor((elapsed % 86400) / 3600); const m = Math.floor((elapsed % 3600) / 60); const s = elapsed % 60; const uptime = `${d}d ${String(h).padStart(2,'0')}h ${String(m).padStart(2,'0')}m ${String(s).padStart(2,'0')}s`; return (
▸ currently_disclosing session uptime {uptime}
target Linux 6.15–6.19 · io_uring ZCRX freelist OOB → LPE CVE pending
status Reported to kernel security + io_uring maintainer. Fix in mainline (770594e), not yet in stable. PoC published. disclosed
next Waiting on stable backport + CVE assignment. Stable kernels still vulnerable if CONFIG_IO_URING_ZCRX=y. -
); } function FocusAreas() { const items = [ { n: '01', tag: 'vuln_research', h: 'Vulnerability Research', p: 'Logic flaws, race conditions, authentication bypass, privilege escalation.' }, { n: '02', tag: 'exploit_chains', h: 'Exploit Chain Development', p: 'Chaining low-severity issues into high-impact end-to-end attack scenarios.' }, { n: '03', tag: 'linux_internals', h: 'Linux Internals', p: 'Process isolation, IPC mechanisms, privilege boundaries, kernel interfaces.' }, { n: '04', tag: 'protocol_analysis', h: 'Protocol Analysis', p: 'Binary protocol reversal, IPC wire formats, authentication model analysis.' }, ]; return ( ); } function ToolStack() { const groups = [ { label: 'languages', tools: ['Python', 'C / C++', 'Assembly', 'Bash'] }, { label: 'domains', tools: ['Networks', 'Linux internals'] }, { label: 'tools', tools: ['pwntools', 'strace / ltrace', 'gdb / pwndbg', 'Burp Suite', 'IDA / Ghidra'] }, ]; return (
{groups.map(g => (
{g.label}
{g.tools.map(t => {t})}
))}
); } function Ledger({ rows, showHead = true }) { return (
{showHead && (
id research target state date
)} {rows.map(r => ( #{r.id} {r.title} {r.sub} {r.target} {r.stateLabel} {r.date} ))}
); } function HomePage() { return ( <>
currently
about

I work across offensive security and software engineering, focusing on vulnerability analysis, adversarial reasoning, and system-level investigation.

My work centers on understanding how software and systems behave under stress, how weaknesses emerge in real environments, and how they can be systematically identified and analyzed.

My approach is methodical, engineering-driven, and grounded in practical system understanding.

focus areas
tools & languages
notes
{POSTS.length} entries full archive →