"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"

Always sanitize the content fetched from local storage before injecting it into any page.

"Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem"

A project's dependencies are an important attack vector.

"Discovering a zero day and getting code execution on Mozilla's AWS Network"

The issue was in the webpagetest project, but it was a nice read nevertheless.

"Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach"

Always knew that a large number of these privacy policies we see on many websites are just boilerplate and complete BS.

