christbowel
@christbowel
Offensive Security Researcher & Software Security.
Turning attack surfaces into CVE reports.
×5 CVEs discovered
// latest writeups
Intelligence Feed.
11 Feb. 2026
CVE-2024-29643: When a Single Header Breaks Everything
How a simple Host header manipulation poisoned Croogo's RSS feed and opened the door to phishing and domain spoofing.
06 Feb. 2026
CVE-2026-25050: How a 300ms Difference Unmasked Vendure Users
A deep dive into a timing attack vulnerability I discovered in Vendure's NativeAuthenticationStrategy.
06 Sept. 2025
Deep Dive: Kerberoasting Attacks
Understanding the mechanics of Kerberos tickets and how attackers crack service account passwords offline.