On January 20th, Chrome shipped an update that changed the profile of one of the most popular TLS client fingerprinting algorithms, JA3. In this short blog post we’ll describe the change and…

At its core, Private Access Tokens present a privacy-respecting, anti-fraud and authorization framework. This blog post provides an overview of what it does and how developers can try it out…

The Coalition for Content Provenance and Authenticity (C2PA) develops technology to combat disinformation. Recently, the group released a public draft specification designed to make it…

While WebAssembly has already proven a fertile attack surface for the browser, as more web application code moves to WebAssembly from Javascript there will be a need to research and secure…

OSS-Fuzz is an innovative project that is both advancing the state of the art in OSS security engineering and immediately improving the overall quality of the software that serves the…

In this blog post, I'll describe how to use AFL's experimental persistent mode to blow the doors off of a server without having to make major modifications to the server's codebase. I've…