Where Coffee Meets Security

A personal security research platform featuring cutting-edge vulnerability research, custom security tools, educational videos, and timely security advisories. Fueled by coffee, driven by curiosity.

What does Coffee have to do with Security?

Coffee has always played a major role in the life of most security professionals. Whilst beer serves the purpose of socialising, a good coffee always provides a quick energy boost. It's the beverage of choice among most hackers and security professionals that assists with prolonged subversive work online.

I also believe that when it comes to good to great thinking it has always been powered by coffee. However, anything in excess is bad. Therefore, it is essential to regulate your coffee intake per day. While I coined the name, I thought of two key elements that are mutually inclusive and runs in our industry's DNA i.e. coffee and security.

Caffeine Powered

Research fueled by quality coffee

Security Focused

25+ years of expertise

Open Research

Transparent methodologies

Responsible Disclosure

Ethical vulnerability reporting

Latest Events

Upcoming conferences & past speaking engagements

View All Events
Conference TalkNov 2021

Software Security Engineering (Learnings from the past to fix the future) - Extended Version

This talk covered some crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored. Primarily the presentation provides some insights on why we still continue to see two decades old bugs and recommendations to consider going ahead. This is a slightly extended version of the OWASP 20th Anniversary talk.

Conference TalkSep 2021

Software Security Engineering (Learnings from the past to fix the future)

Presented at OWASP 20th Anniversary virtual event, this talk covered some crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored. Primarily the presentation provides some insights on why we still continue to see two decades old bugs and recommendations to consider going ahead.

Kernel SecurityApr 2018

The Path To Ring-0 (Windows Edition)

Presentation on Windows Kernel Exploitation providing insights into common Windows kernel exploitation techniques and the current state of kernel mitigation. Presented at Insomnia Security's internal security conference known as Roachcon (2017).

Exploit Demo Videos

All Videos

Proof-of-concept exploit demonstrations by Debasis Mohanty - showcasing real-world vulnerability exploitation techniques.

CVE-2007-565924 Oct 2008

Adobe Acrobat 'Collab.collectEmailInfo' Buffer Overflow (CVE-2007-5659)

This vulnerability was made public in Feb 2008. The exploit was written in Oct 2008 but could not be released due to IP agreement with the contractor. A demo video was released instead.

CVE-2007-560111 Apr 2008

RealPlayer ierpplug.dll ActiveX Control Buffer Overflow (CVE-2007-5601)

This vulnerability was made public in Oct 2007 with no publicly available exploit until 2008. The exploit was written in April 2008 but could not be released due to IP agreement. A demo video was released instead.

Point-in-time research, 2004 to 2008

Security Advisories

This is not a CVE leaderboard. It is a curated record of research published when the attack class, the target, or the technique was still considered niche, theoretical, or uninteresting by the broader industry. Each item is included for what it documented at the time, not for the size of its identifier.

Research doctrine

Target the doubt, not the score

Pick issues where the industry disputes the impact. XSS in 2004, PDF JavaScript in 2008, Office as a malware carrier in 2006. Prove the impact concretely before the industry consensus catches up to the finding.

Surface forgotten primitives

Old operating system mechanisms keep returning as attack vectors. DDE, COM interop, OLE embedding. Document them properly the first time so they are not rediscovered a decade later under a different name.

Challenge category-defining claims

When a product class markets a guarantee, personal firewalls, virtual keyboards, anti-piracy attestation, test the guarantee rather than the product. The shape of the bypass usually outlives the vendor that shipped it.

Publish for the learner, not the leaderboard

Every advisory is written so a researcher reading it years later still extracts a transferable pattern. The CVE identifier is only the receipt, the writeup itself is the artifact worth keeping.

Landmark research

Selected entries with outsized point-in-time impact
CriticalExploit Author
Nov 2008

Microsoft Windows Netapi32 Insecure Path Canonicalization Exploit

MS08-067
Why it mattered then

Released within days of MS08-067 going public, when no reliable independent exploit existed outside of vendor and a handful of closed circles. The same primitive later powered Conficker. At that moment the choice was: wait for someone else, or write it.

Research insight

Reliability beats novelty when the window of relevance is days. Studying the canonicalization primitive taught more about Windows path parsing than any of the dozens of follow-up writeups that came months later.

HighExploit Author
Nov 2008

Adobe Reader 'util.printf()' Function Buffer Overflow Exploit

CVE-2008-2992
Why it mattered then

Published when public Adobe Reader exploit code was almost non-existent. PDF was still considered a 'safe document format' by most enterprises. JavaScript-in-PDF was a niche even within client-side research.

Research insight

The interesting surface is rarely the parser, it is the embedded interpreter. JavaScript engines bolted onto document readers became the dominant client-side attack class for the next decade.

View full advisories archive