posts

---

Stealer Logs Part 2 (NZ’s most common passwords) _{^{(external link)}}

April 4th 2025

An article analysing a sample of New Zealand passwords from infostealer logs.

Silverstripe - Zero-click to account takeover _{^{(external link)}}

January 21st 2025

An advisory regarding an account takeover on websites using the Silverstripe CMS, taking advantage of Microsoft SafeLinks’ automated link scanning.

Deadlock - Player IP address disclosure of the entire lobby

December 16th 2024

A write-up for my first bug bounty, where <img> tags in Deadlock’s in-game chat disclosed IP addresses of all players in the lobby.