d0nut

1.5K Followers

Pinned

Eliminating Authorization Vulnerabilities with Dacquiri

Over the last year I’ve taken a step away from my usual bug bounty work to focus more on building resync — my continuous reconnaissance platform. …

Rust

6 min read



Jan 5, 2021

My Year in Review — 2020

A Star is Born As we collectively (and emphatically) usher in 2021, I can’t help but look back on 2020 in an effort to try and make sense of it all. 2020, for me, was the year I was going to become…

12 min read



Published in d0nut reads

·Jun 10, 2020

Week 3: Real Talk on Real Numbers

In continuation of the philosophical and foundational nature of the book thus far, Chapter 3 opens with a discussion on kinds of numbers, our reliance on the appearance of some of them in nature and how that fueled their original derivation, and how we can rederive them without ties to…

Numbers

3 min read



Published in d0nut reads

·Jun 10, 2020

Week 2

This week wasn’t about me. I and millions of others were focused on the murder of George Floyd. Black Lives Matter. My progress will resume in the next update.

1 min read



Published in d0nut reads

·May 27, 2020

Week 1: The Road to Reality

I love watching educational YouTube channels. It’s a great way to constantly keep myself exposed to science and technology. And this is nothing new: I’ve always been engrossed with STEM. Even at a young age, I was sure that I would become a scientist or an engineer, destined to discover…

Reading

6 min read



Apr 27, 2020

Piercing the Veal: Short Stories to Read with Friends

It’s been over a year and a half since I’ve started my bug bounty journey as a hacker. With years of experience triaging reports and working in security, I’ve seen a plethora of bug types, attack vectors, and exploitation techniques. …

Bug Bounty

16 min read



Aug 20, 2019

Attacks on Applications of K-Anonymity — For the Rest of Us

Three weeks ago I saw a blog post by fellow bug hunter, Jack Cable. The post both inspired and challenged me. The attack vector presented was focused more on reduction in computational security than a binary outcome (e.g. XSS, which either fires or it doesn’t). Jack’s article presents a theoretical…

Security

9 min read



Apr 11, 2019

Better Exfiltration via HTML Injection

This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by bypassing existing mitigations. A Curious Case of HTML Injection André Baptista and Cache-Money were working on a very strange bug. It started off as a simple character-set bypass and through a…

Bug Bounty

7 min read



Sep 25, 2018

5 Tips Bug Bounty Programs *Want* You to Know About

If you’re not aware, I joined Dropbox’s security team last September. Since then, I’ve become very involved in the bug bounty community on two fronts: both running a program and as a hacker in my spare time. …

Security

7 min read



Published in InfoSec Write-ups

·Jul 25, 2018

Exfiltration via CSS Injection

Today’s topic is something that’s already pretty well covered: CSS injections. I wanted to talk about my experience implementing this attack on a real site. As you may have encountered, the situation in which you find a vulnerability may not be the pristine situation many vulnerabilities are originally described in…

CSS

4 min read


Security Engineer, developer, and part-time bug hunter
