Signal Chaos

Stuff

  • Blog post: Plan Change Logic in Google Fiber (Webpass)

  • Blog post: Stored XSS, and SSRF in Google using the Dataset Publishing Language

  • Blog post: This book reads you - using JavaScript

  • Blog post: This book reads you - exploiting services and readers that support the ePub book format

  • VU#779243 EpubCheck 4.0.1 (IDPF ePub Validator) contains an XML external entity processing vulnerability

  • CVE-2016-7889 Adobe Digital Editions 4.5.2 (book reader) XXE.

  • CVE-2016-7666 Apple Transporter 1.9.2 XXE

  • Blog post: Journey into WebSockets Authentication/Authorization
    (https://nodesecurity.io/advisories/90: Node.js module, authentication bypass using WebSockets)

  • Participating in the Pentagon’s first bug bounty program: Meeting the Secretary of Defense, and some of the nice people at Defense Digital Service (DDS) [1] [2]

  • Blog post: SSJS Web Shell Injection

  • CVE-2014-2736 MODX <=2.2.13.


Observations in application security