Geeknik`s Lab

If you spend enough time in the weeds of C code, you’ll notice a peculiar thing about “not a bug” reports: they often are bugs — just bugs whose triggers live at the API boundary rather than in the library’s internals. libcurl is an incredible piece of software. It moves bits across the network for everything from embedded devices to cloud services. But like most C libraries, it assumes that the caller is sane, the parameters are consistent, and the API contract is honored. In the real world, t...

It didn’t actually explode. It imploded quietly, like dignity in a bad Zoom call. Here’s what happened: I AirDropped a video from my iPhone 14 Pro to my shiny M4 MacBook Pro (macOS 15.5). Video went through. Seamless. Magical. And then—boom, but digital: sharingd faceplanted into a segmentation fault. Not just a polite little “oops.” No. Full-on EXC_BAD_ACCESS (SIGSEGV) like it was trying to retain an object that didn’t exist anymore. Zombie pointer shit. In the beating heart of Apple’s Con...

Curl’s vast array of options and flexibility make it a playground for creative misuse. Its myriad options enable behaviors that aren’t immediately apparent, offering both power and risk in the hands of the untrained or malicious. Instead of leaning on well-trodden paths like command injection or known CVEs, I’ve explored obscure features, bizarre option combos, and fringe use cases that could catch even savvy developers off guard. Here’s a rundown of some genuinely unique exploitation vectors. ...

Twenty-five years ago, a spark lit up the fledgling digital landscape. It was a time when the internet was not the algorithmic labyrinth we see today but a boundless wilderness, ripe for exploration and unfiltered expression. This was the backdrop against which Geeknik was born—a hybrid of geek curiosity and beatnik defiance, embodying the grit and soul of an era before surveillance capitalism cast its shadow over our every click. The e/n Era: Where We Started If you’re reading this, chances a...