# dmk.sh

> Operator-grade security research, advisories, and field notes from Péter Veres.

## Core pages

- [Home](https://dmk.sh/): Operator-grade security research, advisories, and field notes from Péter Veres.
- [Posts](https://dmk.sh/posts/): All dmk.sh research posts and methodology writeups.
- [Advisories](https://dmk.sh/advisories/): Coordinated security advisories published by dmk.sh.
- [About](https://dmk.sh/about/): About Péter Veres and the dmk.sh research practice.
- [Contact](https://dmk.sh/contact/): Contact details and engagement intake notes.

## Posts

- [A kiosk is not a boundary: threat-modeling Cage, Wayland, and Chromium](https://dmk.sh/posts/cage-chromium-kiosk-threat-model/): Part one of a practical series on building a real-world Linux kiosk environment with Debian Trixie, Wayland, Cage, Chromium, TypeScript, CSS, HTML, and a Python backend.
- [The PHP concat operator interruption — a bug I sat on for thirteen years](https://dmk.sh/posts/php-concat-interruption-retrospective/): A first-person account of an unreported bypass of CVE-2010-2191 I found around 2010, never disclosed, and which lived on in shipped PHP until 8.3.0 in November 2023. What I did, what I didn't, and what the project did and didn't.
- [Defeating PHP's internal boundaries — a hardening guide for PHP 8.5](https://dmk.sh/posts/php-hardening-guide-2026/): Why every PHP-internal security control collapses in front of FFI or a single memory-corruption primitive — including a practical answer to whether FFI escapes Docker — and what your hardening posture actually needs to look like in 2026.
- [Two audiences, one report: the structure I use for every engagement](https://dmk.sh/posts/reporting-methodology/): The board wants to know whether you're a bigger or smaller problem than the last firm. The engineers want to know which line of code to change. A report that addresses only one of them is not finished.
- [PHP strrchr() userspace interruption — reference mutation during error handling](https://dmk.sh/posts/advisory-php-strrchr-interruption/): In PHP 5.2, strrchr() kept using a referenced haystack zval after attacker-controlled error-handler code could retype it during needle conversion, leaking heap memory across PHP-side hardening boundaries.

## Machine-readable endpoints

- [Sitemap](https://dmk.sh/sitemap-index.xml)
- [RSS feed](https://dmk.sh/rss.xml)
- [Full LLM context](https://dmk.sh/llms-full.txt)