chillax

Posts

• Remote Prompt Injection in Gitlab Duo Leads to Source Code Theft
  by chillaxon 5/23/2025, 7:12 AMwith 54 comments
• GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
  by chillaxon 3/19/2025, 7:47 AMwith 0 comments
• Azure's Weakest Link? How API Connections Spill Secrets
  by chillaxon 3/11/2025, 9:54 AMwith 0 comments
• 8M Requests Later,We Made the SolarWinds Supply Chain Attack Look Amateur
  by chillaxon 2/6/2025, 12:09 PMwith 0 comments
• Top web hacking techniques of 2024
  by chillaxon 2/5/2025, 12:47 PMwith 0 comments
• Stealing HttpOnly cookies with the cookie sandwich technique
  by chillaxon 1/23/2025, 10:10 AMwith 0 comments
• Backdooring Your Backdoors – Another $20 Domain, More Governments
  by chillaxon 1/8/2025, 8:37 PMwith 0 comments
• September 2024 Progress Update on Microsoft's Secure Future Initiative (SFI)
  by chillaxon 9/25/2024, 12:49 PMwith 0 comments
• Hello eBPF: Building a Fast Firewall with Java and eBPF (14)
  by chillaxon 8/27/2024, 2:58 PMwith 0 comments
• Listen to the whispers: web timing attacks that work
  by chillaxon 8/7/2024, 7:28 PMwith 0 comments
• Single-packet race condition breaking the 65535 byte lim
  by chillaxon 8/5/2024, 9:09 AMwith 31 comments
• Ducks Now Sitting (DNS): Internet Infrastructure Insecurity
  by chillaxon 8/2/2024, 12:29 PMwith 0 comments
• Exploiting Client-Side Path Traversal to Perform CSRF – Introducing CSPT2CSRF
  by chillaxon 7/3/2024, 7:50 AMwith 0 comments
• Phantom Secrets: Undetected Secrets Expose Major Corporations
  by chillaxon 7/2/2024, 12:14 PMwith 0 comments
• Encryption at Rest: Whose Threat Model Is It Anyway?
  by chillaxon 6/4/2024, 11:25 AMwith 168 comments
• GitHub Self-Service Automation: Introduction to Repoman and Release
  by chillaxon 5/2/2024, 7:42 AMwith 0 comments
• Java Scoped Values: Better ThreadLocals
  by chillaxon 4/24/2024, 12:48 PMwith 0 comments
• HTTP/2 Continuation Flood
  by chillaxon 4/4/2024, 12:00 PMwith 0 comments
• Kobold letters: HTML emails are a risk
  by chillaxon 4/4/2024, 10:27 AMwith 136 comments
• ArchiveME - Digital Twin
  by chillaxon 3/4/2024, 7:45 PMwith 0 comments
• MavenGate: A supply chain attack method for Java and Android applications
  by chillaxon 1/23/2024, 2:27 PMwith 1 comments
• Google OAuth is broken (sort of)
  by chillaxon 12/20/2023, 1:00 PMwith 0 comments
• SMTP Smuggling – Spoofing Emails Worldwide
  by chillaxon 12/18/2023, 11:43 AMwith 0 comments
• Distribution Confusion in PyPI
  by chillaxon 9/21/2023, 9:41 AMwith 0 comments