My NRIC number was public for four days. Should it have been?
The NRIC numbers of individuals became available to anyone on the public internet through a new feature in the ACRA portal. My thoughts on the incident and why it is a big deal.
Musings on software, security, and the world.
All of my long-form thoughts on what I'm learning, what I'm building, and what I'm thinking about. I hope you find something interesting here.
An introduction to CodeQL and data flow analysis
The fundamentals of static code analysis, taint tracking, and problems that CodeQL is solving under the hood.
Why I'm "quitting" (offensive) security
I don't think I can ever truly quit security, but I'm ready to take a pause on popping shells and start building things that last. Here's a reflection on my journey so far and why I'm taking a step back.
I used to write about security and CTFs on infosec.zeyu2001.com and ctf.zeyu2001.com. These will remain up so that backlinks to popular writeups don't break, but this blog is where I'll be posting new content.