Hi and welcome! My name is Ivan Racic. I’ve been using computers since Atari 1024ST, so I remember what a floppy disk is.

I majored in computer science, and I knew that I was born to do this stuff. This hit me, and I’m sure my father agrees, when I extracted game files compressed with ARJ in the partition root, then moved all the files in the self-created WINDOWS2 directory because I had a feeling that not all the files in the partition root were game files. For some reason the “Invalid system disk. Replace the disk, and then press any key” started popping up after the system reboot. It took the computer technicians around three hours, after replacing several different CD / floppy disk drives and IDE cables, to realize that something else is the problem. They should have just asked me. Everything they (and the Windows 95 OS) needed was in the WINDOWS2 directory.

So, gradually, I evolved. I started working as a help-desk technician contributing in the field of keeping computers well-enough for employees to do their jobs, removing paper clips or white-out / correction fluid from document feeders and re-connecting the LAN cables that had their RJ45 locking tabs broken. As my ingenuity was not recognized, I changed my job to become a system administrator. This time it was my turn to unplug LAN cables with my feet from core switches. Alongside that, I administered an AD domain and a few Linux servers with the --no-preserve-root switch for secure file removal.

And then it happened. Someone mistakenly employed me in an InfoSec company. I have conducted various application and infrastructure penetration tests but due to my previous experience I have contributed the most when testing infrastructures, especially those based on Active Directory. That prior experience allowed me to transfer the blame on Microsoft Exchange when it hung while I was dumping LSASS during a pentest. When my employer realized that my knowledge had reached an enviable level, I became a Red team lead - leading a team of which I am extremely proud.

Being a team-lead places a lot of responsibility, because you are expected to always be at a high technical level. In practice, this requires fuzzing the Office package with randomly-generated colors for Excel cells and WinAFL-ing the PPTX file format so that less-technical people can understand what you want to say.

This somehow did not fully satisfy me, so I started doing vulnerability research in August 2025 after returning from DefCon 33 where I had some fun with a drug-sub, a hacking challenge at the Maritime Hacking Village. I now realize that I may have started too late, at a time when you can just tell an agent to “find me a vuln and create RCE PoC”, but never mind.

And here we are. A few people encouraged me to start writing blog posts, and I would like to thank you for this. I’ll give my best to keep it alive, blogging about the things I do, the trials and errors, but also the successes. All of that makes me who I am.

Other stuff about me: my brain is IQLR (Intelligence Quotient Layout Randomized), so one day I wake up having problems with the basics, and other days I do some quite cool stuff. This may be because I like to block punches with my head during Muay Thai training. As my brain also likes to wonder around, I need some structured type of learning. Therefore, I have some badges like: RET2 Systems FOSE, GIAC GXPN and GPEN, OffSec OSCE and OSCP, CyberWarfare Labs CPTA, Altered Security CRTE and PACES. Anyways, hope you find some stuff here useful.

Hack the planet.

Ivan