security never sleeps

Did default SameSite:Lax put the nail in the coffin for CSRF? Mostly, but not always!

February 17, 2022

Most modern browsers now apply the “SameSite: Lax” attribute to session cookies by default when it is not otherwise set. The driving factor for this change is to have a better default to defend against Cross-Site Request Forgery (CSRF). Did this end CSRF as we know it? Mostly, but there are some interesting gaps where it can still be a problem. This blog post will briefly cover what CSRF is, how the SameSite attribute affects it, and an interesting gap discovered in the wild.

HackLive’s Hardware Challenge

May 07, 2021

Normally the extent of my hardware involvement with Kernelcon ends with the electronic badge. However, our event this year, HackLive, was set up to have a hardware challenge to be solved by Kingpin (Joe Grand). And through a series of circumstances, I ended up taking on the task. This blog post will cover what went into building the HackLive challenge and what came out the other side!

Prints: A DefCon 28 Short Story

July 04, 2020

This year’s DefCon theme, albeit virtual, got me excited and I had a good idea for the short story contest. This blog post contains a little background and that story!