Posts
- November 3, 2022
  hiSHtory: Launching on HN and Reddit
- October 15, 2022
  hiSHtory: Cross-device Encrypted Syncing Design
- September 26, 2022
  hiSHtory: Your shell history in context, synced, and queryable
- March 9, 2022
  The limits of the same-origin policy: cross-origin (but same-site) attacks
- January 3, 2022
  Log4j Scanning
- October 10, 2021
  Stopping XS-Leaks at Scale
- July 6, 2021
  DEF CON 29 Presentation: Worming through IDEs
- August 18, 2020
  Three More Google Cloud Shell Bugs Explained
- July 21, 2020
  Compiler Fun
- July 19, 2020
  Playing with DigitalOcean Kubernetes
- June 8, 2020
  Discovering an XXE in Postgres (CVE-2020-13692)
- May 18, 2020
  Fuzzing libsignal-protocol-c with libfuzzer and OSS-Fuzz
- May 13, 2020
  Rediscovering CVE-2019-18212: RCE in Eclipse Theia
- August 23, 2019
  Keybase SSH: An Open Source SSH CA
- July 14, 2018
  Measuring Open Proxies v2
- April 26, 2017
  Pwning River Hawk's Bootloader Without DPA or Glitching
- March 8, 2017
  XSS and SQLi Scanning with mitmproxy
- April 17, 2016
  XSS in pypi (and Uber!)
- April 17, 2016
  CSV Injection in business.uber.com
- April 17, 2016
  XSS in getrush.uber.com