I research novel web attack techniques. More details at
https://jameskettle.com/
- Drag and Pwnd: Exploiting VS Code with ASCII
by albinowax_ on 5/7/25, 10:27 AM, with comments
- Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
by albinowax_ on 8/28/24, 8:14 AM, with comments
- Chaining Three Bugs to Access All Your ServiceNow Data
by albinowax_ on 7/11/24, 1:11 PM, with comments
- ORM Leak Vulnerabilities
by albinowax_ on 6/25/24, 12:51 PM, with comments
- Hacking millions of modems and investigating who hacked my modem
by albinowax_ on 6/3/24, 6:51 AM, with comments
- Getting XXE in Web Browsers Using ChatGPT
by albinowax_ on 5/22/24, 2:48 PM, with comments
- Response Filter Denial of Service: shut down a website by triggering WAF rule
by albinowax_ on 5/21/24, 7:04 AM, with comments
- Source Code Disclosure in Asp.net via Cookieless Sessions
by albinowax_ on 3/7/24, 2:32 PM, with comments
- ChatGPT Account Takeover via Wildcard Web Cache Deception
by albinowax_ on 2/12/24, 8:22 AM, with comments
- Detection and Exploitation of Ivanti's Pulse Connect Secure RCE
by albinowax_ on 1/19/24, 11:18 AM, with comments
- The curl quirk that exposed Burp Suite and Google Chrome
by albinowax_ on 3/28/23, 2:50 PM, with comments
- Remote code execution in Homebrew by compromising the official Cask repository
by albinowax_ on 4/21/21, 2:58 PM, with comments
- Brave browser’s Tor feature found to leak .onion queries to ISPs
by albinowax_ on 2/19/21, 2:34 PM, with comments
- Cracking reCAPTCHA, Turbo Intruder Style
by albinowax_ on 11/21/19, 4:13 PM, with comments
- The age of browser XSS filters is over
by albinowax_ on 7/16/19, 2:53 PM, with comments
- Significant new web hacking techniques from 2018
by albinowax_ on 2/28/19, 1:57 PM, with comments
- Abusing Meta Programming for Unauthenticated RCE in Jenkins
by albinowax_ on 2/19/19, 3:01 PM, with comments
- Turbo Intruder: Embracing the Billion-Request Attack
by albinowax_ on 1/28/19, 1:14 PM, with comments