Sometimes, after looking at web application security, IoT botnets, and various malware, I long for the pre-2000 hacking days, where, instead of looking for XSS…
Apache .htaccess changes led to arbitrary file upload vulnerabilities in jQuery project: I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in…
Summary: Over the past few months, I’ve been monitoring the proliferation of exploits for some of my disclosed WordPress Plugin and Joomla Extension vulnerabilities against…
I’ve spent a fair amount of my time examining code for vulnerabilities; I recently began to focus specifically on SQL injection. While investigating this specific…
I've been finding bugs in software since 1999 or so. I've reported over 150 vulnerabilities in that time, ranging from format string vulnerabilities to XSS.…
Over the past several months I've been working with a few folks, including Kurt Seifried from Red Hat and Dan Adinolfi from MITRE, on improving the…
I have been focused on vulnerability research against WordPress Plugins and more recently Joomla Extensions. During my talk at Defcon 24, I spoke about my…