
This is a place where I share my thoughts, ideas, and experiments in the world of programming, technology, and beyond. You can find my latest work below, or explore using the side menu or top navigation bar.
Latest Blog Posts
- Dec 30, 2024: Simple Prompts to get the System Prompts
  Exploring prompt injection techniques to extract hidden system prompts from popular AI wrappers and chatbots.
- Apr 21, 2024: The curse of blindness and knowledge
  A reflection on how both lack of knowledge and overconfidence can hinder progress, and strategies to find balance.
- Aug 20, 2023: A list of good and bad learning resources
  A curated list of recommended and discouraged resources for learning programming and technology, with explanations for each.
Latest Research
- Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App
  Reported an OAuth token leak via open redirect in Harvest.
- Breaking The Mutant Language's "Encryption (Writeup)"
  AppSec Village DEF CON 31 CTF^2 (developer) winning entry. Bypassed the encryption and mutation techniques of the Mutant Language.
- CraftCMS Zero-day Chain: XSS to SSTI triggering RCE
  Reported CVE-2021-27902 (XSS) and CVE-2021-27903 (SSTI) that can be chained together to gain Remote Code Execution in CraftCMS.