Coordinated CVE writeups
Root cause, impact, affected versions, remediation, and fix verification—published only after disclosure allows it.
Field notes
Security research, lab walkthroughs, tooling notes, and personal field notes from Abdullah Kareem. The original Medium archive is unavailable, so selected work is being recovered, technically reviewed, and republished here with its original dates and context preserved.
Selected inventory · 01
These representative records preserve known titles and original dates. Full article text will appear only after recovery and review.
Advanced lab walkthrough
A hard Windows lab covering source analysis, an XML and Java deserialization path, egress constraints, and credential recovery.
Media sanitization tooling
An automation and media-sanitization build note whose standards language and verification claims require revision before republication.
Personal field note
A reflection on resilience, anxiety, daily practice, and the practical use of ancient and modern ideas.
Windows security tooling
A BitLocker and TPM cryptographic-erasure utility note queued for a current technical and standards review.
Lab walkthrough
A Linux attack path through local file inclusion, Tomcat deployment, credential reuse, and LXD privilege escalation.
Lab walkthrough
A Windows lab involving anonymous FTP, stored credentials, Telnet access, and a local privilege path.
Coming home · 02
The archive is organized by evidence and reader value, not by the order a platform happened to publish it.
Root cause, impact, affected versions, remediation, and fix verification—published only after disclosure allows it.
Reusable lessons from authorization failures, trust-boundary mistakes, parser behavior, and incomplete fixes.
Walkthroughs that explain the decision path, failed hypotheses, and operational constraints—not only the final exploit chain.
Build notes that state assumptions, tested behavior, limitations, and standards context without overclaiming assurance.
Publishing standard · 03
Primary evidence and affected-version context accompany security claims.
Embargoed, client-sensitive, and unfiled material remains private.
Original dates are preserved while technical revisions are clearly marked.
Corrections and changed registry states are dated instead of silently rewritten.
Published evidence first
The Research Ledger already links every published Finder credit to its primary public source. Future CVE writeups will connect back to those records.
Open research ledger