PinnedEliminating Authorization Vulnerabilities with DacquiriDacquiri identifies and eliminates authorization vulnerabilities by turning them into compiler errors.Jan 29, 2022Jan 29, 2022
Published ind0nut readsWeek 3 — Real Talk on Real Number SystemsIn continuation of the philosophical and foundational nature of the book thus far, Chapter 3 opens with a discussion on kinds of numbers…Jun 10, 2020Jun 10, 2020
Published ind0nut readsWeek 1: The Road to RealityI love watching educational Youtube channels. It’s a great way to constantly expose myself to science and technology as I’ve always been…May 27, 2020May 27, 2020
Piercing the Veal: Short Stories to Read with FriendsIt’s been over a year and a half since I’ve started my bug bounty journey as a hacker. With years of experience triaging reports and…Apr 27, 20204Apr 27, 20204
Attacks on Applications of K-Anonymity — For the Rest of UsThree weeks ago I saw a blog post by fellow bug hunter, Jack Cable. The post both inspired and challenged me. The attack vector presented…Aug 20, 2019Aug 20, 2019
Better Exfiltration via HTML InjectionThis is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by…Apr 11, 20194Apr 11, 20194
5 Tips Bug Bounty Programs *Want* You to Know AboutIf you’re not aware, I joined Dropbox’s security team last September. Since then, I’ve become very involved in the bug bounty community on…Sep 25, 2018Sep 25, 2018
Published inInfoSec Write-upsExfiltration via CSS InjectionToday’s topic is something that’s already pretty well covered: CSS injections. I wanted to talk about my experience implementing this…Jul 25, 20182Jul 25, 20182