Heya, I'm Dimitar

GitHub LinkedIn RSS

Recent posts

Feb 12, 2026
ANSI Escape Code Injection in OpenAI's Codex CLI Leading to RCE
How a simple unsanitized model parameter in Codex CLI leads from terminal spoofing to remote code execution
Jan 24, 2026
Bypassing VSCode Copilot's Premium Requests
Bypassing VSCode Copilot's premium requests using an infinite loop
Nov 28, 2025
Reverse Engineering: "Tzar The Burden of the Crown" - Part 1 (WDT Files)
Reverse Engineering: "Tzar The Burden of the Crown"
Nov 18, 2025
Implementing custom autocomplete in VSCode
Implementing custom autocomplete in VSCode
Oct 25, 2025
Bulgarian OSINT Guide
Guide to OSINT techniques for Bulgarian investigations.
Dec 19, 2024
Tracking Down the Bulgarian Marketplace Scams
Investigation into Bulgarian marketplace scams.

CTF writeups

all writeups →

May 6, 2025
FLARE-On 2014 writeups
writeupsctfREC#Debugging
Nov 12, 2024
zer0pts CTF 2023 - GitFile Explorer
writeupsctfphplfi
Nov 11, 2024
HTB Challenge - Gunship
writeupsctfprototype pollutionjs
Nov 10, 2024
BlueHensCTF 2024 - Corkscrew
writeupsctfcipher
Nov 10, 2024
BlueHensCTF 2024 - Firefun 3
writeupsctffirebasejs

Talks

Mar 24, 2026
Hacking AI Agents: From Prompt Injection to Malicious MCP Servers
SoftUni — A deep dive into the attack surface of AI agents, covering prompt injection, jailbreaks, malicious MCP servers, weaponized skills, and agent-to-agent attacks.
Sep 1, 2022
Converting Third-Party Threat Intelligence into VMware Carbon Black Cloud
VMware Explore 2022, San Francisco — A session on importing third-party threat intelligence data into VMware Carbon Black Cloud using a custom-built conversion tool.