What is this site?

Welcome to pwning.tech! This site serves as a repository of my offensive security fieldwork. On this site I intend to share fascinating quirks of the Linux kernel (and it's zerodays), share flaws in IoT which no one could have predicted, conduct fuzzing experiments, and provide write-ups on my HackTheBox adventures.

Whoami & Inquiries

It is me, notselwyn, the admin of pwning.tech. I'm a vulnerability researcher who likes to target Linux environments: wether it's IoT, userland pwn, or kernel exploitation, I'm always down. Hence, I have expertise in fields ranging from low level reverse engineering to writing DLL injectors in C++ to writing exploits in C for Linux kernel targets to analyzing TPM trust chains and remote attestation.

For professional inquiries, please contact notselwyn@pwning.tech (PGP key). For other shenanigans, slide into my Twitter DMs over at @notselwyn.


With strong dedication to contributing to the infosec community and free knowledge sharing, I try to balance each blogpost between technicality and clarity using diagrams and animations, whilst still trying to write deduplicated content without boilerplate such that aspiring vulnerability researchers can learn from my workflow and the seasoned exploit developers can extract the techniques I use in my exploits.

Vulnerability disclosure

If you find a specific flaw in the website related to configuration and/or some epic opsec fail, feel free to report it. The website has an RFC9116-compliant security.txt containing an email address, the PGP key, and other important metadata. The website uses a static version of GhostCMS, so if you find a non-configuration vulnerability, you should probably report it to the GhostCMS team.