I am working for c/side, focusing on protecting customers from client-side supply chain attacks. We offer a free tier as well, so you can onboard your personal website here.
DEFCON 31 (2023) and DEFCON 32 (2024)Finalist: 2nd Place Both
A collection of my thoughts and research in the field of cyber security.
CoinMarketCap Client-Side Attack: A Comprehensive Analysis
Is relying on Indicators of Compromise secure enough?
Weaponized Google OAuth Triggers Malicious WebSocket
Ruthless Client-Side Attacks Targeting Multiple Platforms with ClickFix
Chinese Adult Content Scam Targets Mobile Users Through PWA Injection
Over 150K websites hit by full-page hijack linking to Chinese gambling sites
Over 35,000 Websites Targeted in Full-Page Hijack Linking to a Chinese-Language Gambling Scam
Government and university websites targeted in ScriptAPI[.]dev client-side attack
The cost of false positives - how we became a target
Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack
Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack
New client-side attack only a proxy could stop
Kuwait ecommerce site is being used to facilitate client-side skimming attacks
New Magecart attack code revealed
New 3rd party JS script attack found: Artifyau[.]com and Quantifymy[.]com
A detailed analysis of the magecart type attack on Cisco's merchant website.
A detailed analysis of the repeated data breaches affecting Ticketmaster.
Insights into the Magecart attack vector and how to mitigate it.
Discussion on how AI-driven WAF identified and mitigated a critical vulnerability.
Discussion on how AI-driven WAF identified and mitigated a critical vulnerability.
Discussion top exploits in 2022 from the eye of Cloudflare.
Cloudflare observation for CVE-2022-26134.
Spring4Shell attack mitigated by Cloudflare WAF.
Joompla exploit targeting websites.
Once click fraud on chinese websites infecting users to ask for money.
Facebook scam websites leading victimes to nuclear exploit kit.