My slides from a talk I did at Cambridge about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles — should be digestible with some first-year university maths knowledge
zeyu2001.github.io/cam-ib-tech-...
First onsite CTF in the UK! cheriPI @ pwnEd
Kind of strange flying 15 hours to get to Taiwan, when my home is only 4 hours away. Anyway I'm here for HITCON!
I will never be 21 and whining about CTF infrastructure from a luxury suite in Vegas with my teammates again.
Earlier this month, I participated in the DEF CON 31 CTF and Midnight Sun CTF. This post serves as proof that I touched grass along the way.
infosec.zeyu2001.com/2023/def-con...
done with my first linecon!
Will be in LA on 6-7, Vegas 8-14, Munich 15-18, Stockholm 19-20. Let me know if you'd like to meet up!
Thanks for the feature!
Many cross-site leak (XS-Leak) attacks are limited by SameSite cookies, and the ones that make use of top-level navigations aren't stealthy enough. What if we could weaponise HTML injection (where XSS is blocked by CSP) to leak data? Here's my small research rabbit hole from a few weekends ago...