_                 _     
           | |               | |    
 _ __ _   _| |__  _   _   ___| |__  
| '__| | | | '_ \| | | | / __| '_ \ 
| |  | |_| | |_) | |_| |_\__ \ | | |
|_|   \__,_|_.__/ \__, (_)___/_| |_|
                   __/ |            
                  |___/

navbar

=> home | security research | random

security research and writing

Here is a list of all my security (or somewhat security adjacent) publications/writings/research etc. I have plans to move my threads from Twitter to longer form articles, but as they were first published there I will still treat them as a separate publication.

=> twitter, 2024 - thread writing up my thoughts about CVE-2024-3094 and a very early release of a tool to audit git repositories for similar anomalous contributor behavior

=> nist, 2020 - CVE-2020-11694 JetBrains PyCharm advisory

=> twitter, 2020 - JetBrains included their Apple code-signing and artifactory credentials in PyCharm builds

=> assetnote, 2019 - Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos

=> hackerone, 2019 - Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub.

=> tokyo, 2018 - Hack me if you can: inside the world of bug bounty hunting

=> nist, 2017 - CVE-2017-16755 / CVE-2017-16756 (HelpSpot disclosure)

=> hackerone, 2016 - Incoming email hijacking on sc-cdn.net (Snapchat)

=> medium, 2016 - First thoughts and a quick setup guide on Bash for Windows

=> medium, 2016 - Watch Paint Dry: How I got a game on the Steam Store without anyone from Valve ever looking at it.

=> medium, 2015 - Offensive Security’s “Penetration Testing with Kali Linux” Course — and why it’s possibly the best way to get started in InfoSec

=> 〜 generated with ♡ by rubyshd on openbsd 〜

Proxy Information
Original URL
gemini://ruby.sh/security_research
Status Code
Success (20)
Meta
text/gemini; charset=utf-8
Capsule Response Time
164.022393 milliseconds
Gemini-to-HTML Time
1.06282 milliseconds

This content has been proxied by September (ba2dc).