> For the complete documentation index, see [llms.txt](https://research.sfoffo.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://research.sfoffo.com/readme.md).

# Home

<h2 align="center">Sfoffo's Research Blog</h2>

<p align="center">Welcome to my space for documenting offensive security research.<br>Here I share vulnerability findings, write-ups, and practical insights that highlight techniques, pitfalls, and lessons learned from real-world security testing.</p>

## Latest Articles

<table data-view="cards"><thead><tr><th></th><th></th><th></th><th data-hidden data-card-cover data-type="image">Cover image</th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><i class="fa-terminal">:terminal:</i></td><td><strong>Beyond a Fly in the Wild</strong></td><td>Breaking down WildFly’s defenses and the alternative file upload attack paths adversaries may pursue when direct code execution isn’t possible.</td><td><a href="/files/wejvVozGboKtXar1jJR3">/files/wejvVozGboKtXar1jJR3</a></td><td><a href="/pages/m9hE1bRrqwWoqNuqZyHS">/pages/m9hE1bRrqwWoqNuqZyHS</a></td></tr><tr><td><i class="fa-terminal">:terminal:</i></td><td><strong>CVE-2024-42845 - Invesalius3 RCE</strong></td><td>Remote Code Execution in DICOM import due to unsafe use of eval in coordinates parsing.</td><td><a href="/files/0s7G2lUaLWPlxYzU1aUk">/files/0s7G2lUaLWPlxYzU1aUk</a></td><td><a href="/pages/Vgqp16LtskmxvybfH3uK">/pages/Vgqp16LtskmxvybfH3uK</a></td></tr><tr><td><i class="fa-terminal">:terminal:</i></td><td><strong>Streamlining CVE Research using GitHub</strong></td><td>Highlighting GitHub's vulnerability reporting workflow and the CVEs discovered during this process.</td><td><a href="/files/GL7AX4yEttmyQy155fHp">/files/GL7AX4yEttmyQy155fHp</a></td><td><a href="/pages/HT7McRwT6WdPNS8nZq75">/pages/HT7McRwT6WdPNS8nZq75</a></td></tr></tbody></table>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://research.sfoffo.com/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.