Arjun's Blog

6 CVEs and $750: Automating ReDoS Vulnerability Discovery with AI

Mon, 27 Apr 2026 00:00:00 +0000

The idea started while browsing Huntr’s hacktivity feed. I saw a ReDoS vulnerability reported in HuggingFace Transformers and wondered how many more might be hiding in there. Manually reviewing regex patterns sounded tedious and I only have the attention span of a Skink, so naturally I spent time building a tool to avoid doing it myself. That laziness paid off — 6 CVEs and $750, to be exact.

What Even is ReDoS?

Before we dive in, let me explain what ReDoS (Regular Expression Denial of Service) is for the uninitiated.

TensorFlow CVE-2021-37678 – YAML Deserialization RCE

Wed, 03 Dec 2025 00:00:00 +0000

Back in my college days, I was heavily into security research and playing CTFs. One of the bigger things I stumbled on was an RCE vulnerability in Google’s TensorFlow/Keras that eventually became CVE-2021-37678.

This post is basically a write-up of that journey, mostly for documenting what I did and partly to revive my security brain after being a Software Engineer for about 3.5 years.

If you’re into Machine Learning, Python internals, or want to see how something seemingly harmless like YAML can blow up into Remote Code Execution — this one’s for you.

Mobile Hacking: #1 - Setting Up An Android Pentesting Environment

Mon, 10 Nov 2025 00:00:00 +0000

I often forget how to do this. So I’m posting it here so that I can come back when I need it (content poverty laughs from the corner).

Prerequisites:

Android Studio (or just the SDK tools if you’re a nerd)
Android Virtual Device (I don’t like Genymotion)
Python
Conda or any other environment manager (optional but recommended)

If the SDK binaries are not in your PATH environment variable, paste the following in your .bashrc or equivalent.

CCNA Prep: #1 - Networking Devices

Sun, 09 Nov 2025 00:00:00 +0000

Introduction to Networks

First lesson. Foundation stuff. Network devices, clients, servers. Basic but important.

What Is a Network?

Devices (nodes) that can talk to each other and share stuff. That’s it.

Common network devices:

Router
Switch
Firewall
Server
Client (End Host)

Clients and Servers

Client - asks for stuff. Your phone opening YouTube = client.

Server - gives you stuff. YouTube’s servers = server.

A device can be both. PC1 asks PC2 for a file → PC1 is client, PC2 is server. Roles flip depending on who’s asking.

About

Sat, 08 Nov 2025 00:00:00 +0000

Hi my name is Arjun,

I write about security, music, spirituality, and life in general. At least that’s my wish at the time of typing this. Maybe I’ll pivot or won’t write at all, as I usually don’t stick with anything (zero instinct). So I won’t say anything like “stay tuned for updates”. I might even close this blog without any notice.

Thanks for your time.

CCNA Prep: #0 - The Plan

Sat, 08 Nov 2025 00:00:00 +0000

I’m preparing for CCNA as part of switching role from software engineering to security. The resources I use for learning are:

The plan is simple. I watch Jeremy’s videos and summarize it using AI and post it here. This will be helpful for me if I need a quick refresh (an obvious lie, my memory is just too bad) of the stuff I learned.

Welcome

Sat, 08 Nov 2025 00:00:00 +0000