Recent Posts

Simulating discovery of CVE-2003-0344

13 minute read

This is going to be a very long, very large post where I pontificate quite a bit to empty out my head. There’s a lot of disparate thoughts rattling around th...

Code Execution out of VST Plugins

5 minute read

For the second time this month I have been forced to realise that I need to build up a golden image for a dedicated development machine. Unrelated to this po...

The Price of Good

6 minute read

Alternative titles for this post I came up with included “What is premium?” and the exceedingly clever “Premium and the art of good enough”. This post wa...

GraphQL Denial of Service with DVGA

9 minute read

In an act of sheer irony, after passing my OSWE, I have been on all manner of odd, bespoke testing but not as much web work as I was doing before taking the ...

Crafting CSP Spells

7 minute read

Today's adventures take us down a rabbit hole I see pop up almost constantly in my testing; which developer doesn't care about Content Security Policy (CSP) th...