Profile

Eduardo Vela (sirdarckcat)
Lives in San Francisco Bay Area, CA
1,642,905 views
Story
Tagline
Not mad.
Bragging rights
Survived the rapture.
Places
Currently
San Francisco Bay Area, CA
Previously
Mexico City - Hangzhou, China
Links
Contributor to
Work
Occupation
Security Engineer
Basic Information
Gender
Male
Relationship
Married
Other names
sirdarckcat, sdc

Stream

 
CVE-2014-1568, CVE-2006-4339. Daniel Bleichenbacher The attacker wants to forge a cryptographic signature. RSA is an algorithm invented in the 70's that makes it possible to do cryptographic encryption, and signing. To use this, someone publishes two values (e and N) and keeps another value (d) ...
 
A couple thoughts on vulnerability research and bug bounties :)

http://sirdarckcat.blogspot.ch/2015/09/not-about-money.html
3 comments
 
They knew. And they have the source code
 
The most powerful hacker of all time.
 
[Service Workers] Secure Open Redirect becomes XSS Demo
This is the shortest delay between blog posts I've had in a while, but I figured that since my last post had some confusing stuff, it might make sense to add a short demo. The demo application has three things that enable the attack: An open redirect. Av...
 
Bumble bumble bumble bee,
I am hoping you are asleep.
Wake up, wake up, wake up please!
And go back up to the tree.
 
they are definitely just sleeping, definitely. 
 
Aha!

works: channel.port1.onmessage = doSomething;
doesn't: channel.port1.addEventListener('message', doSomething);

why?

addEventListener('message') requires you to call port1.start(). zing!
2 comments
 
Specd
 
This time about Pixel Perfect. #SecurityBugsGallery
Paul Stone The attacker wants to know the appearance of another website. Many websites allow themselves to be placed inside other websites with what is called an iframe (this is the default behavior, so it is very common for sites to be framed). For those websites that allow themselves to be ...
 
Range Responses: Mix, Match & Leak
Hey! The videos from AppSec 2015 are now online, and the Service Workers talk is too. Anyway, this post is about another of the slides in the presentation about Range Requests / Responses (or.. more commonly known as Byte Serving) and Service Workers. As things go, turns out you can read content ...
 
+Zhengyee Zhong Vela and I made this site as a small home project. The challenge being to create paintings inspired by security vulnerabilities.

They aren't supposed to be illustrations meant to explain the bug but rather tell a story inspired by them.

We are looking for feedback! What works and what doesn't. What is interesting and what is dull!

So far there are only five paintings in the site, some work better than others, what do you think?

Comment here, in HN or by email! Thanks :-)
Hacker News: Security Bugs Gallery (bugs.gallery). 1 point by sirdarckcat 40 minutes ago
 
Hn?? Really??
 
So WeChat is invulnerable to the iOS crash bug. #ThanksCensorship
 
[Service Workers] New APIs = New Vulns = Fun++
Just came back from another great HackPra Allstars, this time in the beautiful city of Amsterdam. Mario was kind enough to invite me to ramble about random security stuff I had in mind (and this year it was Service Workers). The presentation went OK, alt...
 
 
Want to help run Google's Vulnerability Reward Program? Apply here: http://goo.gl/gP0F2j
Public - 2 years ago
reviewed 2 years ago
Food: Very Good; Decor: Poor - Fair; Service: Very Good
Public - 3 years ago
reviewed 3 years ago
Food: Excellent; Decor: Excellent; Service: Excellent
Public - 3 years ago
reviewed 3 years ago
During spring the garden is beautiful.
Public - 3 years ago
reviewed 3 years ago
23 reviews
Food: Excellent; Decor: Very Good; Service: Excellent
Public - 3 years ago
reviewed 3 years ago
Nice place, it has the layout of a bar so you sit with other people.
Food: Very Good; Decor: Very Good; Service: Excellent
Public - 3 years ago
reviewed 3 years ago
Ordered their "special" (wrap), and soup. Lacks flavor and overpriced. Will not come back.
Public - 4 years ago
reviewed 4 years ago