JIT-Repicker: Differential Fuzzing Reborn
Reimplementing differential fuzzing for modern JavaScript engines. From understanding JIT compilation to building a production-ready fuzzer on top of Fuzzilli...
Blog
Thoughts on browser security, privacy, and the open internet
The internet is bad now.
Five websites, each filled with screenshots from the other four. A look at how the open web became a handful of walled gardens, and why the IndieWeb movement might be the most sensible response to it...
Claude: King of the Hill
What happens when AI agents battle as autonomous attackers and defenders in a turn-based security experiment? I built a sandbox with four Claude agents and watched them try to break and fix a vulnerable web app...
coming soon
Navigation API origin confusion
How I found a logic bug in WebKit's experimental Navigation API using invariant checking instead of traditional crash-based fuzzing...
coming soon