just another security-related blog.
Hey, I’m Igris — a security engineer who likes taking things apart to understand how they break.
This blog is my field notebook: deep dives into Linux and kernel internals, hardware security, reverse engineering and malware development, and lately the messy, fascinating frontier where AI meets offensive and defensive security.
Expect hands-on write-ups, paper breakdowns, and the occasional rabbit hole — written to make hard problems a little more approachable (and to remind me what I learned along the way). Whether you’re a fellow practitioner, a curious beginner, or just here to watch something get rooted, pull up a chair.
Let’s explore, break, and build.
Recent blogs,
-
PACMAN: Breaking ARM Pointer Authentication with Speculative Execution
ARM Pointer Authentication was designed around a simple and elegant principle: if an attacker corrupts a protected pointer, the program crashes. No crash suppression, no oracle, no way...
-
SoK: Bootloader Security Is Worse Than You Think
Bootloaders sit at the most privileged layer of any system. They run before the OS, before virtual memory is initialized, before most exploit mitigations exist as a concept....
-
macOS Penetration Testing: Assembling the Full Chain
Every previous post in this series isolated one primitive: a sandbox escape, an XPC privilege escalation, a TCC bypass, a persistence trick. A real engagement does not hand you...
-
Getting Kernel Code Execution: Racing the KEXT Loader
Loading a kernel extension is the most tightly controlled operation on macOS, and for good reason: a KEXT runs in ring 0, inside XNU, with no sandbox and nothing...
-
Symlink and Hardlink Attacks: Lying to Root About Where Files Live
A privileged process writes a file. It runs as root, it writes to a directory it is responsible for, and it never imagines that the path it is writing...