security research and writing

Here is a list of all my security (or somewhat security-adjacent) publications, writings, research, etc. I have plans to move my threads from Twitter to longer-form articles, but as they were first published there I will still treat them as a separate publication.

arXiv preprint, 2025 - Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

ruby.sh, 2024 - writing up my thoughts about CVE-2024-3094 and a very early release of a tool to audit git repositories for similar anomalous contributor behavior (reposted from twitter thread)

nist, 2020 - CVE-2020-11694 JetBrains PyCharm advisory

twitter, 2020 - JetBrains included their Apple code-signing and artifactory credentials in PyCharm builds

assetnote, 2019 - Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos

hackerone, 2019 - Leaked artifactory_key, artifactory_api_key, and gcloud refresh_token via GitHub.

tokyo, 2018 - Hack me if you can: inside the world of bug bounty hunting

nist, 2017 - CVE-2017-16755 / CVE-2017-16756 (HelpSpot disclosure)

hackerone, 2016 - Incoming email hijacking on sc-cdn.net (Snapchat)

medium, 2016 - First thoughts and a quick setup guide on Bash for Windows

medium, 2016 - Watch Paint Dry: How I got a game on the Steam Store without anyone from Valve ever looking at it.

medium, 2015 - Offensive Security’s “Penetration Testing with Kali Linux” Course — and why it’s possibly the best way to get started in InfoSec

-----

〜 last updated 2025-01-31 | generated with ♡ by rubyshd on openbsd 〜