Here’s a fun html-injection vulnerability in one of Stanford University’s websites and how I found it. Screenshot of HTML-injection vulnerability proof of concept:

Announcing my latest developer tool: Source Snapshot – A source code directory visualizer for your browser.

A simple cheatsheet for Solidity Integer ranges, from uint8 to uint256. In data types, size does matter :0.

I recently bought a new DIR-842 home router, and immediately (as any hacker would) started toying with it - I can’t call it mine until I pop a shell on it. Rather quickly I found I can enable telnet through the admin web gui, and then connect to telnet with an admin user. But that was too easy, so let’s see if we can find a bug/vulnerability.

If you too have been personally victimized by Python3’s 'str' object has no attribute 'decode' exception and other string/bytes-related exceptions, I feel your agony. Trauma from such errors have stopped me from using Python3 for code handling buffers, like POCs for vulnerabilities or CTF exploits. Here’s a reference guide on how to convert between Python3’s hexstr/str/bytes/bytearray.