Intelligence Academy

Research notes, validation methodology and field intelligence for modern vulnerability analysis.

Research Notes
27 notes
Research Notes

Partial Message State Retention After Failed Protobuf Parsing

Why Parse Failure Does Not Necessarily Mean Object Sanitization in Protocol Buffers

Featured

Experimental analysis of Protocol Buffers C++ demonstrating that malformed protobuf payloads may leave partially decoded application state available even after ParseFromString() returns false.

Category Parser Security
Ecosystem Protocol Buffers
Difficulty Advanced
FikreSekhel Research 15 min read Jun 02, 2026
Research Notes

Credential Boundary Drift Across Cross-Origin Redirects

How partial redirect protections can preserve custom authentication headers across origin changes

Featured

A research note examining custom credential-bearing headers, redirect trust boundaries, and partial stripping behavior in HTTP clients.

Category HTTP Client Security
Ecosystem JavaScript / HTTP Clients
Difficulty Advanced
FikreSekhel Research 14 min read Jun 01, 2026
Research Notes

Promise Resolution as a Sandbox Boundary

A vm2 case study in asynchronous host-to-sandbox boundary mediation failure

Featured

A research note examining Promise resolution as a security-sensitive cross-realm boundary in JavaScript sandbox architectures.

Category Sandbox Isolation Security
Ecosystem JavaScript / VM Isolation
Difficulty Research
FikreSekhel Research 18 min read Jun 01, 2026
Research Notes

Recursive Descriptor Expansion as an Availability Primitive

How unbounded structural recursion transforms schema loading into denial-of-service surface

Featured

A research note examining recursion depth exhaustion in descriptor expansion pipelines.

Category Parser Availability Security
Ecosystem JavaScript / Protocol Buffers
Difficulty Research
FikreSekhel Research 15 min read Jun 01, 2026
1 2 3 4 5 6 7