Published in better appsec·PinnedBuilding a WebAuthn Click Farm — Are CAPTCHAs Obsolete?How I built a click farm to “bypass” Cloudflare’s CAPTCHA killer with some cheap USB security keys, an Arduino, and a bit of python. Any opinions stated here are my own, not necessarily those of any past, present, or future employer. What is Attestation of Personhood? Cloudflare recently published a blog post about a potential…Webauthn9 min read
Published in bored.engineer·Aug 2, 2017DEF CON 25: Slides and Source Codelinkedin/jaqen jaqen - Jaqen - Simple DNS rebindinggithub.com1 min read
Published in bored.engineer·Aug 6, 2016DEF CON 24: Slides and ExploitHere’s the slides and exploits from the DEF CON 24 talk in Las Vegas, NV. Video to follow in a few weeks. Slides v1 drive.google.com Update on the slides, these issues have all been resolved, the slides were not updated before upload to the DEF CON server bored-engineer/ps-exploits ps-exploitsgithub.com bored-engineer/ps-splunk ps-splunk - Splunk perfSONAR toolsgithub.com1 min read
Published in bored.engineer·Jul 22, 2016git init && git commit -a -m “Initial Commit”I decided to relaunch my blog with my recent domain name change. It’s unlikely I will migrate the old content, but look forward to my incoherent ramblings about security bugs and the state of the industry in the future.1 min read
