Operator-grade security research, advisories, and field notes from Péter Veres.https://dmk.sh/enhttps://dmk.sh/posts/cage-chromium-kiosk-threat-model/https://dmk.sh/posts/cage-chromium-kiosk-threat-model/Part one of a practical series on building a real-world Linux kiosk environment with Debian Trixie, Wayland, Cage, Chromium, TypeScript, CSS, HTML, and a Python backend.Tue, 28 Apr 2026 00:00:00 GMThttps://dmk.sh/posts/php-concat-interruption-retrospective/https://dmk.sh/posts/php-concat-interruption-retrospective/A first-person account of an unreported bypass of CVE-2010-2191 I found around 2010, never disclosed, and which lived on in shipped PHP until 8.3.0 in November 2023. What I did, what I didn't, and what the project did and didn't.Mon, 27 Apr 2026 00:00:00 GMThttps://dmk.sh/posts/php-hardening-guide-2026/https://dmk.sh/posts/php-hardening-guide-2026/Why every PHP-internal security control collapses in front of FFI or a single memory-corruption primitive — including a practical answer to whether FFI escapes Docker — and what your hardening posture actually needs to look like in 2026.Sun, 08 Mar 2026 00:00:00 GMThttps://dmk.sh/posts/reporting-methodology/https://dmk.sh/posts/reporting-methodology/The board wants to know whether you're a bigger or smaller problem than the last firm. The engineers want to know which line of code to change. A report that addresses only one of them is not finished.Thu, 22 Jan 2026 00:00:00 GMThttps://dmk.sh/posts/advisory-php-strrchr-interruption/https://dmk.sh/posts/advisory-php-strrchr-interruption/In PHP 5.2, strrchr() kept using a referenced haystack zval after attacker-controlled error-handler code could retype it during needle conversion, leaking heap memory across PHP-side hardening boundaries.Thu, 22 Jul 2010 00:00:00 GMT