Valentin Lobstein

Chocapikk

Security Researcher & Exploit Developer

Breaking, building, and documenting. Vulnerability research, exploit development, and offensive security.

71 CVEs, 82 exploits, 56 articles

Latest

Dumping PostgreSQL Without Credentials: Heap File Parsing for Offensive Security

A technique for extracting PostgreSQL data through arbitrary file read vulnerabilities - without credentials, without SQL access, without knowing the schema. Full auto-discovery via system catalogs.

Recent

Windfall: From Path Traversal to RCE in Nextcloud Flow & Windmill

Critical vulnerabilities in Windmill: unauthenticated path traversal leading to RCE, plus an authenticated SQL injection enabling full privilege escalation (operator → super admin → root RCE). Affects standalone Windmill and Nextcloud Flow.

CVE, RCE, SQLi

From Zero to Exploit Dev: What Actually Worked

How I went from knowing nothing about computers in 2020 to writing exploits. No magic, no shortcuts, just the process.

Personal, Career

How I Added PTY Support to Busybox Shells (When Everyone Said It Was Impossible)

Every shell handler fails on busybox/Alpine. No script, no python, no PTY. I fixed it with 80 lines of C and a base64 upload.

Tools, Technique, Tutorial

Reverse Engineering the ITE 8910 Keyboard RGB Protocol for OpenRGB

How I reverse-engineered the complete USB HID protocol of the ITE 8910 keyboard controller from a Windows DLL and .NET executable, and contributed per-key RGB support with 14 modes to OpenRGB - the first implementation for this chip on Linux.

Reverse Engineering, OpenRGB, Linux

OmniGen2: Unauthenticated RCE via Pickle Deserialization in BAAI's Reward Server

A critical unauthenticated RCE vulnerability in OmniGen2's reward server infrastructure. The Flask-based servers deserialize raw HTTP POST bodies with pickle.loads() without any authentication, giving instant code execution to anyone with network access.

CVE, RCE

sglang: Unauthenticated RCE via Pickle Deserialization in ZMQ Transport (Disaggregated Serving)

A critical unauthenticated RCE vulnerability in sglang's ZMQ transport layer for disaggregated serving. ZMQ PULL sockets bind to all interfaces and deserialize messages with pickle.loads() - no auth, no validation. Distinct from CVE-2025-10164 which only covers the HTTP API.

CVE, RCE