• Introducing WEBCAT: Web-based Code Assurance and Transparency On 2025-03-19, securedrop.org, Co-Author
• A deep dive into Cellebrite: Android support as of February 2025 On 2025-03-16, osservatorionessuno.org, Author
• A deep dive into Cellebrite: how it came to be On 2025-03-16, osservatorionessuno.org, Author
• The long and winding road to safe browser-based cryptography On 2024-12-19, securedrop.org, Co-Author
• How to BGP from your basement and other tales On 2024-12-18, osservatorionessuno.org, Author
• Introducing Securedrop Protocol On 2024-05-06, securedrop.org, Co-Author
• How to research your own cryptography and survive On 2024-04-03, securedrop.org, Co-Author
• Anatomy of a whistleblowing system On 2024-02-20, securedrop.org, Co-Author
• SecureDrop multiple local privilege escalations On 2022-12-12, securedrop.org, Co-Author
• Google Summer of Code for Qubes-os: automatic port forwarding On 2021-09-15, git.lsd.cat, Author
• A hybrid Capture-the-Flag challenge for an A/D competition On 2021-01-01
• Exploiting a Linux-based payment terminal part 1: reversing to root On 2020-07-03
• How to port Openwrt to an unknown device with a supported SoC On 2020-04-15
• Juniper Pulse Connect Secure MITM Code Execution On 2020-03-30
• Nokia-Alcatel FTTH CPE reverse engineering and WPA/admin keygen On 2020-01-10, Co-Author
• Alcatel-Lucent OmniVista 4760/8770 Remote Code Execution On 2019-12-20
• Websphere Portal for penetration testers On 2019-03-27
• Oracle SQL for penetration testers On 2018-11-20
• CTF Writeup: INS'hAck CTF 2018 - Curler On 2018-04-09, jbz.team, Co-Author
• Quick Windows and Linux LAN pivoting On 2018-02-17
• CTF Writeup: EkoParty CTF 2017 - silkroad On 2017-09-18, jbz.team, Author
• CTF Writeup: PlaidCTF 2017 - SHA-4 On 2017-04-23, jbz.team, Co-Author
• CTF Writeup: PlaidCTF 2017 - Echo On 2017-04-23, jbz.team, Co-Author