I break software, politely, and then I write it up.
I’m an application-security engineer and independent researcher. Day job: finding and fixing vulnerabilities. Off the clock: reading CVE feeds, reproducing bugs, building small tools, and publishing writeups here.
My focus is reachability: not just “is this function vulnerable?” but “can anyone actually get there, and with what pre-conditions?” Most of the interesting work in appsec lives in that gap between a lint rule firing and a bug a motivated attacker can land.
I disclose responsibly. 90-day timeline by default, extended on request when the fix is real.
What I write about
Vuln writeups (with repros), research on how classes of bugs behave in the wild, tool launches, and the occasional essay about how this craft actually works.
Contact
Email contact@rodolpheg.xyz for anything.