cybrgrl@nexus:~$
cybrgrl@nexus:~$ ./welcome.sh
██████╗██╗ ██╗██████╗ ███████╗██████╗ ███╗ ██╗███████╗██╗ ██╗██╗ ██╗███████╗ ██╔════╝╚██╗ ██╔╝██╔══██╗██╔════╝██╔══██╗ ████╗ ██║██╔════╝╚██╗██╔╝██║ ██║██╔════╝ ██║ ╚████╔╝ ██████╔╝█████╗ ██████╔╝ ██╔██╗ ██║█████╗ ╚███╔╝ ██║ ██║███████╗ ██║ ╚██╔╝ ██╔══██╗██╔══╝ ██╔══██╗ ██║╚██╗██║██╔══╝ ██╔██╗ ██║ ██║╚════██║ ╚██████╗ ██║ ██████╔╝███████╗██║ ██║ ██║ ╚████║███████╗██╔╝ ██╗╚██████╔╝███████║ ╚═════╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝
cybrgrl@nexus:~$ whoami
Security Researcher | Bug Hunter | CTF Player
cybrgrl@nexus:~$ cat mission.txt
Welcome to my digital playground where I document my journey through cybersecurity research, vulnerability discoveries, and ethical hacking experiments.
View Research CTF Writeups
Research June 10, 2025

API Bypass in OAuth Implementations

Click to expand
Research June 10, 2025

API Bypass in OAuth Implementations

My research into common OAuth implementation flaws that allowed me to bypass authentication in three major SaaS platforms (names redacted after responsible disclosure).

During my security research, I discovered several critical vulnerabilities in OAuth implementations. My findings include:

  • Token validation bypass technique
  • Missing state parameter exploitation
  • Redirect_uri validation flaws
  • Cross-site request forgery vectors

All vulnerabilities were reported through proper channels and have since been patched. The vendors awarded $13,500 in total bounties.

Read Full Analysis →
Tool June 8, 2025

MemLeakHunter: Finding Vulnerable Binaries

Click to expand
Tool June 8, 2025

MemLeakHunter: Finding Vulnerable Binaries

My custom-built tool for automated memory leak detection in C/C++ applications that combines static analysis with runtime instrumentation.

After struggling with existing memory analysis tools, I built MemLeakHunter to combine several techniques in one workflow:

  • Static binary analysis via custom LLVM pass
  • Dynamic instrumentation using modified Valgrind core
  • Pattern matching for known vulnerable constructs
  • Integrated exploit generation for confirmed vulnerabilities

The tool is available on my GitHub with comprehensive documentation. Recent findings include two CVEs in popular open-source libraries.

View Project →
CTF June 5, 2025

HackTheBox Apocalypse CTF Writeup

Click to expand
CTF June 5, 2025

HackTheBox Apocalypse CTF Writeup

My approach and solutions for the challenges in the recent HackTheBox Apocalypse CTF where my team placed in the top 50 globally.

The Apocalypse CTF featured some particularly interesting challenges. This writeup details my solutions for:

  • Kernel exploitation challenge (Pwn)
  • Custom encryption schema reverse engineering (Crypto)
  • Supply chain attack analysis (Forensics)
  • Zero-day vulnerability emulation (Web)

I've included all my scripts, approaches, and lessons learned. Several techniques were novel enough that I've been asked to present them at an upcoming security conference.

Read Writeup →
Research June 3, 2025

Reversing Firmware of IoT Door Locks

Click to expand
Research June 3, 2025

Reversing Firmware of IoT Door Locks

My journey extracting and analyzing firmware from popular smart locks, revealing several critical security vulnerabilities affecting physical security.

This multi-month research project involved acquiring and analyzing 5 popular smart locks. My findings include:

  • UART/JTAG debugging ports left accessible
  • Hardcoded administrator credentials
  • Unencrypted wireless protocol implementations
  • Remote lock override vulnerabilities

I've documented the entire reverse engineering process, from hardware teardown to firmware extraction and analysis. All vendors were notified and most issues have been addressed in firmware updates.

Read Full Analysis →

Security Research

Research June 12, 2025

Wireless Keyboard Signal Interception

My analysis of encryption weaknesses in wireless keyboard protocols, with practical demonstration of keylogging attack vectors.

12 min read View Research →
Research June 11, 2025

Exploiting JWT Implementation Flaws

Analysis of common JWT vulnerabilities with practical examples of token manipulation and signature bypass techniques.

8 min read View Research →
Research June 9, 2025

Attacking GraphQL APIs

My methodology for testing GraphQL endpoints for information disclosure, query depth attacks, and injection vulnerabilities.

10 min read View Research →

CTF Writeups & Challenges

Writeup June 10, 2025

Pwn2Own 2025 - Browser Exploitation

My analysis of the winning exploits from Pwn2Own 2025, breaking down the techniques used to compromise Chrome and Safari.

15 min read Read Writeup →
Writeup June 7, 2025

Hack The Box - ShadowCorp Machine

Step-by-step walkthrough of my approach to compromise the ShadowCorp machine, combining SSRF, container escape, and privilege escalation.

12 min read Read Writeup →
Writeup June 4, 2025

DEFCON CTF Quals - Binary Exploitation

My solutions for the three binary exploitation challenges from DEFCON CTF qualifiers, including ROP chain development and heap exploitation.

18 min read Read Writeup →

About Me

Hi, I'm Sarah (@cybrgrl0xf), a security researcher and ethical hacker focused on finding vulnerabilities before the bad actors do. With a background in software engineering and a passion for breaking things, I spend my time hunting bugs, reversing binaries, and competing in CTFs.

By day, I work as a senior penetration tester. By night, I research emerging attack vectors and contribute to open-source security tools. This blog documents my journey, findings, and occasional victories in the constantly evolving security landscape.

17
CVEs Published
32
CTF Wins
$74K
Bug Bounties