Did default SameSite:Lax put the nail in the coffin for CSRF? Mostly, but not always!
February 17, 2022
Most modern browsers have added the “SameSite: Lax” attribute to session cookies as default when not otherwise set. The driving factor for this change is to have a better default to defend against Cross-Site Request Forgery (CSRF). Did this end CSRF as we know? Mostly, but there are some interesting gaps where it can still be a problem. This blog post will briefly cover what CSRF is, how the SameSite attribute affects it, and an interesting gap discovered in the wild.
HackLive’s Hardware Challenge
May 07, 2021
Normally the extent of my hardware involvement with Kernelcon ends with the electronic badge. However, our event this year, HackLive, was setup to have a hardware challenge to be solved by Kingpin (Joe Grand). And through a series of circumstances, I ended up taking on the task. This blog post will cover what went into building the HackLive challenge and what came out the other side!
Prints: A DefCon 28 Short Story
July 04, 2020
This year’s DefCon theme, albeit virtual, got me excited and I had a good idea for the short story contest. This blog post contains a little background and that story!
All Posts