PNA: A Short Life, A Long Shadow
The rise and fall of PNA, and what LNA means for browser security’s future.
Posts by Category
blog
CVE-2025-66238 and CVE-2025-66237
CVE-2025-66238 and CVE-2025-66237
PNA in the Wild: Rare, but Often Broken
Analyzing the state of PNA adoption in 2025.
CVE-2025-6185
CVE-2025-6185
The Cost of Exposing your Kubecost
Intro : During a recent engagement of reviewing a Kubernetes environment I came across a service called “Kubecost”, which is intended to be used for monitori...
CVE-2024-26367
CVE-2024-26367
RCE into EA using Kubeflow Notebooks
Intro Multiple articles and blog posts written about Kubeflow intrigued me to dive (albeit shallow) into and scour the depths of Shodan one evening to see wh...
CVE-2023-39854
CVE-2023-39854
Burp Suite Extension - Raw Collaborator
The following describes the set up and usage of a Burp Suite Extension I wrote, that creates a new Collaborator URL and dumps the raw Interaction transaction...
CVE-2023-38523
CVE-2023-38523
Pentesting FoundationDB
During a recent Pentesting engagement, I came across a service using FoundationDB to store application layer configurations and state. This lead me to dive i...
Database Credential Dumps
The following is a compilation of queries to list database user hashes, which are stored locally in tables. The hashes obtained can be cracked using password...
Tools
LNAlyzer - Chrome Extension
A Chrome Extension to monitor what URLs on private/local network your current tab attempted to access..