βββββββ ββββββ ββββ βββββββββββββββββββββββ βββ
βββββββββββββββββββββ ββββββββββββββββββββββββ βββ
βββββββββββββββββββββββββββββββββ ββββββββββββββββ
βββββββββββββββββββββββββββββββββ ββββββββββββββββ
βββ ββββββ ββββββ βββ ββββββββββββββββββββββ βββ
βββ ββββββ ββββββ ββββββββββββββββββββββ βββ
I find bugs in things that matter. Started with Linux in school when I was supposed to be studying. Never really stopped.
Commerce background. Self-taught everything else. Currently breaking IoT devices, embedded systems, and whatever fuzzer output lands on my screen.
| CVE | Project | Impact | Severity |
|---|---|---|---|
| - | libp2p-rendezvous (used by IPFS, Ethereum, Filecoin) | Unbounded memory growth β OOM DoS on public P2P discovery servers | π΄ High |
| Pending | LibreOffice | allocation-size-too-big in HWP parser β attacker-controlled value reaches new[] without bounds check, confirmed DoS |
π Medium |
libp2p in plain English: Any peer could register unlimited fake IDs on a public rendezvous server (a meeting point for decentralized apps). Server runs out of memory, crashes, peer discovery breaks for everyone. Fix: per-peer registration limits.
rapid7/metasploit-framework β world's most used pentesting platform
- PR #20830 β Fixed
Msf::Post::File.statcrashing on non-GNU systems (FreeBSD/BSD). Added behavior-based fallback parser preserving GNU compatibility. - PR #21028 β Fixed
reload_allcrash at globalmsf>prompt when no active module is loaded.
tailscale/tailscale β zero-trust mesh VPN, millions of users
- PR #18286 β Added unit tests for
tsconsensushelpers, fixing flaky CI and preventing regressions in core consensus logic.
Hardware β ESP32, nRF52840, ChipWhisperer, custom firmware
Protocols β MQTT, TLS/mTLS, BLE, JTAG, UART
RE Tools β Ghidra, OllyDbg, binwalk, AFL++, MemorySanitizer
Languages β Python, C, Ruby, Go, Rust (reading)
Domains β IoT security, embedded systems, vuln research, digital twin
I write hands-on security tutorials at iotsec.in β real hardware, real tools, no handwaving.
Current series:
- TLS for IoT Hackers β from cert chains to MITM attacks on live ESP32 devices
- Mirai Botnet β complete source code teardown, 6 parts
- Reverse Engineering with OllyDbg β assembly up, from absolute zero
- Side-channel attacks β stealing AES keys with ChipWhisperer
Started on YouTube videos about hacking at age 15. Couldn't figure out port forwarding. Got 56% in 10th grade.
Did a B.Com because science colleges wouldn't take me. Kept coding anyway. Taught myself Python, C, IoT, embedded systems, fuzzing, RE β all on the side. Built digital twin systems for 10 crore industrial machines. Found bugs in infrastructure used by millions.
Still learning. Always will be.
adhikari.resume@gmail.com Β· iotsec.in