August 31, 2019
This post is a very informal writeup about multiple vulnerabilities in uftpd FTP server, some of which could lead to remote code execution.
August 19, 2019
This is a short writeup about a critical severity vulnerability that led me to discover another high severity vulnerability in a Navy website covered by the Department of Defense's HackerOne program.
July 11, 2019
This post is about a little-known type of vulnerability in which the attacker manipulates the parameters bound to prepared statements with malicious goals such as bypassing access control.
January 11, 2018
This blog post documents the construction and operation of a silent 6 GPU Ethereum miner I built for fun.
October 6, 2017
This is a technical writeup about a vulnerability in Mythic Beasts that led to total account compromise, and why being able to chain XSS with CSRF is so dangerous.
September 2, 2017
This was written to help some friends of mine who are becoming interested in cybersecurity to be able to learn. It explains web vulnerabilities including XSS, CSRF, SQLi, IAC, and window.opener.