Posts
-
September 9, 2024
XS-Leaks Summit: Stopping XS-Leaks at Scale (v2)
-
July 18, 2024
LocoMocoSec: How blocking third-party cookies can fix the web
-
July 1, 2024
Security Signals: Measuring Web Security Posture at Scale
-
January 22, 2024
Google Blog: A Recipe for Scaling Security
-
October 27, 2023
Truly Paranoid Software Updates
-
April 18, 2023
Google Blog: Securely Hosting User Data in Modern Web Applications
-
November 3, 2022
hiSHtory: Launching on HN and Reddit
-
October 15, 2022
hiSHtory: Cross-device Encrypted Syncing Design
-
September 26, 2022
hiSHtory: Your shell history in context, synced, and queryable
-
March 9, 2022
The limits of the same-origin policy: cross-origin (but same-site) attacks
-
January 3, 2022
Log4j Scanning
-
October 10, 2021
Stopping XS-Leaks at Scale
-
July 6, 2021
DEF CON 29 Presentation: Worming through IDEs
-
August 18, 2020
Three More Google Cloud Shell Bugs Explained
-
July 21, 2020
Compiler Fun
-
July 19, 2020
Playing with DigitalOcean Kubernetes
-
June 8, 2020
Discovering an XXE in Postgres (CVE-2020-13692)
-
May 18, 2020
Fuzzing libsignal-protocol-c with libfuzzer and OSS-Fuzz
-
May 13, 2020
Rediscovering CVE-2019-18212: RCE in Eclipse Theia
-
August 23, 2019
Keybase SSH: An Open Source SSH CA