2 followers
Penetration tester, security researcher and full-time Lego enthusiast. I am endlessly trying to explore and apply new (and far too complicated...) attack techniques.
Write-up In this blog post, my colleagues at Outpost24 and I walkthrough some of the wilder Cross-Site Scripting attacks we've managed to conceive...
Web Cache Deception, first discovered (I think...) here, is a rare attack class that enables an attacker to trick users into storing sensitive...
Write-up In this blog (linked above) I walkthrough one of the most complex exploits I have created to-date resulting in application-wide session...
Write-up In this blog (linked above) I explain how I used param-miner to discover a critical privilege escalation vulnerability in Azure's API...