Years ago I was working on a project that had a rather interesting premise. It was a way to send a file between two parties…
Apache .htaccess changes led to arbitrary file upload vulnerabilities in jQuery project
I attended the Messaging, Malware and Mobile Anti-Abuse Working Group (m3aawg.org) meeting in…
What makes security practitioners tick? That's a simple question with a lot of drivers underneath it. We want to find out; please help us by signing…
This is a repost of a blog that Joe Marshall (@ImmortanJo3) and I wrote on February 22, 2016 and @da_667 posted to his blog (which is now…
I’ve spent a fair amount of my time examining code for vulnerabilities; I recently began to focus specifically on SQL injection. While investigating this specific…
Deep web, Dark web, Darknet... These terms are often used interchangeably despite representing distinct, but related segments of the Internet. The deep web (sometimes called the…
RSA Parties 2017 List
It is that time of year again and the RSA Parties 2017 list is back again! The RSA Security Conference approaches…
I have been focused on vulnerability research against WordPress Plugins and more recently Joomla Extensions. During my talk at Defcon 24, I spoke about my…
RSAC2016
Folks are grousing about RSA's decision to tap actor Sean Penn for the closing keynote this week, since the man knows nothing about security. I share…
Misconfigurations are a pain in the arse. They lead to more website compromises than inverted flux capacitors. But, in all seriousness, it seems that the…