Open in app

Sign In

Write

Sign In

Luke Young
Luke Young

102 Followers

Home

About

Published in better appsec

·Pinned

Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?

How I built a click farm to “bypass” Cloudflare’s CAPTCHA killer with some cheap USB security keys, an Arduino, and a bit of python. Any opinions stated here are my own, not necessarily those of any past, present, or future employer. What is Attestation of Personhood? Cloudflare recently published a blog post about a potential…

Webauthn

9 min read

Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?
Webauthn

9 min read


Published in bored.engineer

·Dec 1, 2022

XSS on account.leagueoflegends.com via easyXDM [2016]

This post contains a chain of vulnerabilities I responsibly disclosed to Riot Games in November of 2016. I’m publicly disclosing it now as the first post in a series of interesting and/or technically complex vulnerability reports/findings I’ve made over the years. …

Security

9 min read

XSS on account.leagueoflegends.com via easyXDM [2016]
XSS on account.leagueoflegends.com via easyXDM [2016]
Security

9 min read


Published in bored.engineer

·Aug 2, 2017

DEF CON 25: Slides and Source Code

linkedin/jaqen jaqen - Jaqen - Simple DNS rebindinggithub.com

1 min read

1 min read


Published in bored.engineer

·Aug 6, 2016

DEF CON 24: Slides and Exploit

Here’s the slides and exploits from the DEF CON 24 talk in Las Vegas, NV. Video to follow in a few weeks. Slides v1 drive.google.com Update on the slides, these issues have all been resolved, the slides were not updated before upload to the DEF CON server bored-engineer/ps-exploits ps-exploitsgithub.com bored-engineer/ps-splunk ps-splunk - Splunk perfSONAR toolsgithub.com

1 min read

1 min read


Published in bored.engineer

·Jul 22, 2016

git init && git commit -a -m “Initial Commit”

I decided to relaunch my blog with my recent domain name change. It’s unlikely I will migrate the old content, but look forward to my incoherent ramblings about security bugs and the state of the industry in the future.

1 min read

1 min read

Luke Young

Luke Young

102 Followers

I find bugs and exploit them. Sometimes for money, mainly for T-Shirts. https://www.linkedin.com/in/bored-engineer/

Following
  • TJ Holowaychuk

    TJ Holowaychuk

  • Collin Greene

    Collin Greene

  • Free Wortley

    Free Wortley

  • Nate Weiner

    Nate Weiner

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech