I have had a special interest for reverse engineering since high school. Since then, I have looked at all kinds of software, from bootloaders to userland applications. This has led to the discovery of various critical vulnerabilities in software, such as authentication bypasses, and memory corruption leading to remote code execution. Some of my public projects can be found on GitHub.
CTFs
Nowadays, I am a challenge author for the European Cyber Security Challenge and its national qualifiers. Some of the challenges that I have created can be found here.As a player, some of my past achievements include:
2025:
- 1st place at International Cyber Security Challenge as part of Team Europe.
- 2nd place at m0lecon CTF with former Team Europe members.
- 1st place at the International Cyber Security Challenge as part of Team Europe.
- 1st place at the European Cyber Security Challenge as part of Team Germany.
- 1st place at the European Cyber Security Challenge as part of Team Germany.
- 1st place at Cyber Security Challenge Germany (the German qualifiers for ECSC).
- 1st place at Challenge the Cyber (the Dutch qualifiers for ECSC).
- 2nd place at the European Cyber Security Challenge as part of Team Germany.
Pwn2Own
I have successfully demonstrated remote code execution on the following targets at Pwn2Own:- (2026) Kenwood DNR1007XR
- (2025) Philips Hue Bridge
CVEs
The following table includes some of my CVEs.| CVE | Product | Description |
|---|---|---|
| CVE-2026-9063 | Axis OS | (not yet disclosed) |
| CVE-2026-9035 | IBM Aspera | Path traversal allowing arbitrary files to be read |
| CVE-2026-8180 | IBM Aspera | Null pointer dereference leading to crash |
| CVE-2026-8179 | IBM Aspera | Stack overflow leading to remote code execution |
| CVE-2026-8175 | IBM Aspera | Unauthenticated heap overflow leading to authentication bypass and potential RCE |
| CVE-2026-7876 | IBM Aspera | Authentication bypass |
| CVE-2024-6612 | Mozilla Firefox | CSP violations were leaked to an attacker through DNS prefetching |
Note that not all software vendors issue a CVE for vulnerabilities that are reported to them.
Public Reports
Unfortunately I am not allowed to disclose most reports that I have submitted through bug bounty programs. The following table lists the reports for which I have requested disclosure and disclosure has been granted.| Reported At | Vendor | Description |
|---|---|---|
| 2025-12-13 | Nintendo | ASLR leak in Mario Kart World (link) |
| 2025-06-06 | Nintendo | TLS certificate verification bypass on Nintendo Switch (link) |
| 2018-12-19 | Nintendo | Stack overflow in game server client leading to RCE in many games (link) |
Open Source
This section describes some of my public projects. More public projects can be found on my GitHub profile.NintendoClients
This Python package implements a client for Nintendo Switch, Wii U and 3DS servers. In addition, the wiki contains extensive documentation on Nintendo's server and network protocols based on reverse engineering. This work has been used by many cool projects, such as:- A Super Mario Maker 2 level viewer
- A Mario Kart 8 leaderboard viewer
- An Animal Crossing turnip exchange site.
Netlink / LDN
The former is an async Python package that implements the Linux netlink protocol, including support for nl80211 and rtnetlink. This makes it possible to precisely control your wireless hardware on Linux, on a level that would otherwise not be possible. The LDN project uses the netlink project to implement the local wireless communication protocol of the Nintendo Switch.AEA
A complete description and Python implementation of the Apple Encrypted Archive format, based on reverse engineering.Nintendo File Formats / Jungle / Panorama
The Nintendo File Formats wiki, accessible at https://nintendo-formats.com provides extensive documentation on file formats that are seen in Nintendo games, based on reverse engineering. The Jungle project implements an accurate file parser and serializer based on that documentation, with a test suite that verifies both the correctness and completeness of the code. The Panorama project uses the Jungle library to implement a graphical viewer for some of Nintendo's file formats.Wii U Firmware Emulator
This project emulates the hardware of the Nintendo Wii U at the lowest level. It is currently able to execute the entire boot process of the Wii U, from bootloader up to the Wii U menu. The project is built without any external libraries and uses a custom JIT engine for performance. It provides a text based debugger that allows one to inspect the state of the firmware at any stage.Wii U Debugger
This project implements a graphical debugger for the Wii U, made entirely from scratch. Breakpoints are implemented by inserting and handling special trap instructions into the code.Newer SMBU
While still in school, I reverse engineered the code behind New Super Mario Bros. U and made a code injection framework that allows one to completely customize the game. A few demos that were shared with the development team can be found on my YouTube channel.This project tought me a lot about computer science, even before I went to university. Because much less tools existed back then (Binary Ninja and Ghidra did not exist yet), I could not even use a decompiler. Even today, I sometimes find it easier to read assembly than decompiled C code, because assembly is what I have grown up with.