Blog

I found a security vulnerability, how do I disclose it?

People approach me all the time with this question: how do you disclose security vulnerabilities? In this post I’ll share my thoughts on the subject. First of all, you should probably stay away from researching vulnerabilities on-line without permission. Your hat will quickly turn to shades of grey, and suddenly black before you […]


News anchor challenged me to hack his Facebook account – Did he regret his decision?

I was privileged enough to be interviewed on Norwegian breakfast TV Saturday morning. The reporter had asked me to try to hack his Facebook account the day before. Do you think he regretted his decision? Here is the clip: – Norwegian (original): www.tv2.no/v/867173/ – English: https://www.youtube.com/watch?v=JhMpjSiqq5s (turn on subtitles)


Finding Zero-Day XSS Vulns via Doc Metadata (+ WordPress 0day)

I’ve just released a blog post over at the SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata. It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days. I hope you enjoy it.
