Eduardo Vela (sirdarckcat)
Lives in San Francisco Bay Area, CA
1,854,037 views
Work
Occupation
Security Engineer
Basic Information
Gender
Male
Relationship
Married
Other names
sirdarckcat, sdc
Story
Tagline
Not mad.
Bragging rights
Survived the rapture.
Places
Currently
San Francisco Bay Area, CA
Previously
Mexico City - Hangzhou, China
Links
Contributor to

Stream

 
;-P
 
20 years ago Nintendo released the first generation of Pokemon for Gameboy. And as with any software, it had bugs =)

As the creator of the NES said [1], glitches make games more fun, the same way vulnerabilities make software development more interesting.

[1] http://www.gamnesia.com/news/the-creator-of-the-nes-fondly-recalls-how-glitches-made-some-games-more-fun
Pokemon first generation: Long-range trainer escape glitch. Unknown (first described in 2003 by Daniel26) The player wants to capture any Pokemon (usually Mew). In Game Boy, the game code runs in cycles. On every cycle the screen is drawn, and the code has a chance to decide what to display the ...
Paul Hosking's profile photo
 
Kind of in the way that mutations help advance evolution... when it isn't just creating debilitating maladies.
 
CVE-2014-1568, CVE-2006-4339. Daniel Bleichenbacher The attacker wants to forge a cryptographic signature. RSA is an algorithm invented in the 70's that makes it possible to do cryptographic encryption, and signing. To use this, someone publishes two values (e and N) and keeps another value (d) ...
 
Range Responses: Mix, Match & Leak
Hey! The videos from AppSec 2015 are now online, and the Service Workers talk is too. Anyway, this post is about another of the slides in the presentation about Range Requests / Responses (or.. more commonly known as Byte Serving) and Service Workers. As things go, turns out you can read content ...
 
+Zhengyee Zhong Vela​ and I made this site as a small home project. The challenge being to create paintings inspired by security vulnerabilities.

They aren't supposed to be illustrations meant to explain the bug but rather tell a story inspired by them.

We are looking for feedback! What works and what doesn't. What is interesting and what is dull!

So far there are only five paintings on the site, some work better than others, what do you think?

Comment here, in HN or by email! Thanks :-)
Hacker News: Security Bugs Gallery (bugs.gallery)
Shiv “Shivs” Mel's profile photo
 
Hn?? Really??
 
So WeChat is invulnerable to the iOS crash bug. #ThanksCensorship
 
Creating a Decentralized Security Rewards Market
Imagine a world where you, a security researcher, could make money on your open source contributions, and your expertise about the security of any software. Without the intervention of the vendor, and without having to sell vulnerabilities to shady (and not-so-shady) third-parties.
 
Thanks, Internet.
Jossue zhyzura's profile photo
 
I think I've had too much internet for today hahahaha
 
This time about Pixel Perfect. #SecurityBugsGallery
Paul Stone The attacker wants to know the appearance of another website. Many websites allow themselves to be placed inside other websites with what is called an iframe (this is the default behavior, so it is very common for sites to be framed). For those websites that allow themselves to be ...
 
A couple thoughts on vulnerability research and bug bounties :)

http://sirdarckcat.blogspot.ch/2015/09/not-about-money.html
 
They knew. And they have the source code
 
The most powerful hacker of all time.
 
[Service Workers] Secure Open Redirect becomes XSS Demo
This is the shortest delay between blog posts I've had in a while, but I figured that since my last post had some confusing stuff, it might make sense to add a short demo. The demo application has three things that enable the attack: An open redirect. Av...
Public - 2 years ago
reviewed 2 years ago
Food: Very Good; Decor: Poor - Fair; Service: Very Good
Public - 3 years ago
reviewed 3 years ago
Food: Excellent; Decor: Excellent; Service: Excellent
Public - 3 years ago
reviewed 3 years ago
During spring the garden is beautiful.
Public - 4 years ago
reviewed 4 years ago
23 reviews
Food: Excellent; Decor: Very Good; Service: Excellent
Public - 3 years ago
reviewed 3 years ago
Nice place, it has the layout of a bar so you sit with other people.
Food: Very Good; Decor: Very Good; Service: Excellent
Public - 4 years ago
reviewed 4 years ago
Ordered their "special" (wrap), and soup. Lacks flavor and overpriced. Will not come back.
Public - 4 years ago
reviewed 4 years ago