Blog posts

Bug bounties

Stealing Facebook access_tokens using CSRF in device login flow

Read more

Bug bounties

Race conditions on the web

Read more

Bug bounties

Facebook CSRF leading to full account takeover (fixed)

Read more

Bug bounties - archived blog

Race conditions on Facebook, DigitalOcean and others (fixed)

Read more on archived blog