Posts

Import the World, Import the Risk - Exploiting Plot.ly via MathJax.js

Tue, Aug 16, 2016
In this article I make the case that one should carefully consider their dependencies by exploiting MathJax.js for a stored XSS on https://plot.ly.

How I hacked plot.ly by exploiting an SVG vulnerability in plotly.js

Tue, Aug 9, 2016

Hacking Concrete5 – ProBlog 2.6.6 & ProEvent 2.8.5 (CSRF, XSS, Side Effects)

Mon, May 23, 2016

When Security Reports Go Ignored – Hacking Concrete5’s ProEvent Plugin

Thu, Apr 14, 2016

Understanding When To Use Channels Or Mutexes In Go

Sat, Jan 23, 2016

How to get punched in the face by Go’s Standard Library (and arguably my own stupidity)

Tue, Jun 24, 2014

How To: Shove data into Postgres using Goroutines and GoLang

Tue, Oct 29, 2013

Hacking Java Bytecode for Programmers (Part4) – Krakatau And The Case Of The Integer Overflow

Tue, Jun 25, 2013

Hacking Java Bytecode for Programmers (Part3) – Yes, disassemble with Javap ALL OVER THE PLACE!

Tue, May 28, 2013

Hacking Java Bytecode for Programmers (Part2) – Lions, and Tigers, and OP Codes, OH MY!

Fri, May 17, 2013