Posts

• November 3, 2022 hiSHtory: Launching on HN and Reddit
• October 15, 2022 hiSHtory: Cross-device Encrypted Syncing Design
• September 26, 2022 hiSHtory: Your shell history in context, synced, and queryable
• March 9, 2022 The limits of the same-origin policy: cross-origin (but same-site) attacks
• January 3, 2022 Log4j Scanning
• October 10, 2021 Stopping XS-Leaks at Scale
• July 6, 2021 DEF CON 29 Presentation: Worming through IDEs
• August 18, 2020 Three More Google Cloud Shell Bugs Explained
• July 21, 2020 Compiler Fun
• July 19, 2020 Playing with DigitalOcean Kubernetes
• June 8, 2020 Discovering an XXE in Postgres (CVE-2020-13692)
• May 18, 2020 Fuzzing libsignal-protocol-c with libfuzzer and OSS-Fuzz
• May 13, 2020 Rediscovering CVE-2019-18212: RCE in Eclipse Theia
• August 23, 2019 Keybase SSH: An Open Source SSH CA
• July 14, 2018 Measuring Open Proxies v2
• April 26, 2017 Pwning River Hawk's Bootloader Without DPA or Glitching
• March 8, 2017 XSS and SQLi Scanning with mitmproxy
• April 17, 2016 XSS in pypi (and Uber!)
• April 17, 2016 CSV Injection in business.uber.com
• April 17, 2016 XSS in getrush.uber.com

• 1
• 2
• ›
• »