Pinned
Eliminating Authorization Vulnerabilities with Dacquiri
Dacquiri identifies and eliminates authorization vulnerabilities by turning them into compiler errors.
Jan 29, 2022

Published in d0nut reads
Week 3 — Real Talk on Real Number Systems
In continuation of the philosophical and foundational nature of the book thus far, Chapter 3 opens with a discussion on kinds of numbers…
Jun 10, 2020

Published in d0nut reads
Week 1: The Road to Reality
I love watching educational YouTube channels. It’s a great way to constantly expose myself to science and technology as I’ve always been…
May 27, 2020

Piercing the Veal: Short Stories to Read with Friends
It’s been over a year and a half since I’ve started my bug bounty journey as a hacker. With years of experience triaging reports and…
Apr 27, 2020

Attacks on Applications of K-Anonymity — For the Rest of Us
Three weeks ago I saw a blog post by fellow bug hunter, Jack Cable. The post both inspired and challenged me. The attack vector presented…
Aug 20, 2019

Better Exfiltration via HTML Injection
This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by…
Apr 11, 2019

5 Tips Bug Bounty Programs *Want* You to Know About
If you’re not aware, I joined Dropbox’s security team last September. Since then, I’ve become very involved in the bug bounty community on…
Sep 25, 2018

Published in InfoSec Write-ups
Exfiltration via CSS Injection
Today’s topic is something that’s already pretty well covered: CSS injections. I wanted to talk about my experience implementing this…
Jul 25, 2018

Week 17: Hash Length Extensions
This week I spent a little bit of time working on Hash Length Extensions. HLE is a technique that allows an attacker to abuse poorly…
Oct 2, 2017

Week 16: Kangaroo Method
It’s been a couple of stressful but rewarding weeks as I have finally moved to beautiful San Francisco. While moving has been on my mind…
Sep 26, 2017

Week 15: Hello, Dropbox!
This (last) week I accepted an offer to work at Dropbox on their Product Security team. I’m very excited that after all this hard work…
Sep 6, 2017

Week 14: Improving My Threat Modeling Methodology
Threat modeling is the process of identifying threats, enumerating appropriate mitigations, and accepting risk where necessary. While…
Aug 21, 2017

Week 13: Introduction to Buffer Overflows
I decided this week to tackle an offensive measure that I’ve had problems with in the past. RE (reverse engineering) and buffer overflows…
Aug 13, 2017

Week 12: Building x.509 Certificates
Another week of work on my password manager has gone by and I’ve been making solid progress. One day soon I’ll get around to discussing…
Aug 8, 2017

Week 11: Facebook Conceal for Fast Key Derivation on Android
I had an awfully busy week that, unfortunately, didn’t afford me an opportunity to learn too many new security topics. While I did get a…
Aug 1, 2017

Week 10: BSides Augusta Twitter Challenge Writeup
This week I spent a lot of time working on Passloch, my password manager. While I’ve been making lots of progress with Passloch, I took a…
Jul 24, 2017