Extending Kernel Race Windows Using '/dev/shm'
November 28, 2025Recently, I came across this kernelCTF submission where the author mentions a novel technique for extending race windows in the Linux kernel…
Hello! I am Faraz. I'm a Lead Security Researcher at Zellic, focusing on L1 blockchain security.
Prior to this, I was a vulnerability researcher in Dataflow Security, where I focused on Chrome and the Android userland.
I still dabble in vulnerability research in my free time! You can find out what I'm up to recently by following me on X.
My old vulnerability research blog is here. All new blog posts will be on this blog from here on out.
Follow me on X to see what I'm up to!
VirtualBox Vulnerability Research Experience
October 07, 2025In late February 2024, I decided to perform some vulnerability research on VirtualBox. Even though I found two vulnerabilities that I…
Analysing a 1-day Vulnerability in the Linux Kernel's TLS Subsystem
October 01, 2025I recently decided to start doing some Linux kernel security research in my free time, with the goal of creating one of my own submissions…
Halting the Cronos Gravity Bridge
December 11, 2023In January 2023, I found and reported two separate bugs to the Cronos Gravity Bridge project on Immunefi. The first bug would allow an…
Finding a Critical Vulnerability in Astar
December 05, 2023I wrote this blog post for the Zellic blog. You can find the post here. If you're after a high quality audit, please contact Zellic to set…
ParadigmCTF 2023 Challenges Writeup
October 30, 2023I spent a little bit of time on ParadigmCTF 2023. This post will give an in-depth rundown on how I solved two of those challenges: Grains of…
SportsDAO Flashloan Attack Analysis
November 21, 2022@CertiKAlert tweeted out an alert for a flash loan attack on SportsDAO yesterday (November 21, 2022). I spent ~1.5 hours recreating the…
Nereus Finance Flashloan Attack Analysed and Exploited
November 18, 2022I was scrolling through the @PeckShieldAlert and @CertiKAlert twitter accounts, looking for a complicated looking price manipulation style…
TempleDAO Exploit Remastered
November 14, 2022So.. It's been a long time since I've written anything on this blog. I've been out of touch with the cyber security twitterverse, and have…