Posts
Scanning Tailscale Funnel
Why *NOT* To Pin TLS Certificates
Multiple Vulnerabilities in Flower and Downstream Attacks on Airflow
Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)
Methodology for High-Quality Web Application Security Testing
Code Patterns for API Authorization: Designing for Security
Advanced Frida Witchcraft: Turning an Android Application into a Voodoo Doll
The School of Frida Witchcraft: Java Spellcasting Errata
A Novel CSP Bypass Using `data:` URI
Apple's App-Site Association - The New `robots.txt`