Research
exploratory & narrative
Target: QNAP QTS 5.x + bundled plugins (Notes Station 3, QmailAgent, QVPN, et al.)
Approach: Read across QTS's web layer and three first-party plugins. Looked at how authentication, IPC, plugin sandboxing, and container boundaries actually compose in practice, versus how QNAP's docs describe them.
Target: FortiOS SSL VPN web daemon and adjacent helper binaries
Approach: Ongoing reverse engineering of the SSL VPN request lifecycle, session establishment, and the helper processes invoked behind it. Write-up will follow once disclosure timelines allow.