Hacking Chess.com and Accessing 50 Million Customer Records
Jackpot, full arbitrary account takeover of any chess.com user!
I recently participated in FireEye’s seventh annual Flare-On Challenge, a reverse engineering and malware analysis Capture The Flag (CTF) comp
Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.
You can find this blog post on Assetnote's blog.
Last month, the Centre for Strategic Infocomm Technologies (CSIT) invited local cybersecurity enthusiasts to tackle the InfoSecurity Challenge (TISC). The Challenge was organized in a capture-the-f...
You can find this blog post on Assetnote's blog.
Every time I watch space documentaries or look up at the stars at night, or think about things on a universal scale, my troubles melt away. Perspective is a very powerful tool for overcoming the st...
This blog post will go through my whitebox review of an unnamed Electron application from a bug bounty program. I will demonstrate how I escalated an open redirect into remote code execution with t...
My second guest post on Honeybadger’s blog, entitled Protecting Your Apps From Link-based Vulnerabilities: Reverse Tabnabbing, Broken-Link Hijacking, and Open Redirects has just been published!
TL;DR: To familiarise myself with the updated design draft on Type Parameters in Go, I wrote a generic implementation of a bidirectional map. You can try it out in this playground. Edit (2022-04-0...