Vulnerability Research

Think Beyond This Document

This skill is a structured starting point, not a ceiling. Real-world vulnerabilities and CTF challenges routinely defy checklists. The best exploit chains come from creative, unconstrained thinking — connecting behaviors the developer never imagined interacting. Do not limit your research to what is cataloged here. Treat every assumption as testable, every "impossible" path as merely untested, and every protection as a puzzle to be solved. The most dangerous bugs live in the gaps between documented categories. Read the code. Understand the runtime. Invent your own attack classes.

Philosophy

Find the bug. Prove the bug. Chain the bug. Every claim needs a working exploit or it's noise.

The Bitter Lesson, applied: Vulnerability research has historically been 20% computer science and 80% solving giant, domain-specific jigsaw puzzles — learning font internals, memory allocator behavior, protocol edge cases. LLMs are universal jigsaw solvers. They encode the complete library of documented bug classes and vast correlations across source code. The structured methodology below channels this capability; the Agent Sweep mode unleashes it. Use both.