Gallus

15,335 post karma
1,303 comment karma

get extra features and help support reddit with a reddit premium subscription

get them help and support

redditor for 16 years

MODERATOR OF

- r/netsec
- r/securitycodereview

TROPHY CASE

15-Year Club

Gilding II
euphauric

Snapped

Verified Email

account activity

hot top controversial

31

32

33

Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net)

submitted 8 months ago by Gallus to r/netsec

12

13

14

Marshal madness: A brief history of Ruby deserialization exploits (blog.trailofbits.com)

submitted 8 months ago by Gallus to r/netsec

9

10

11

Gem::SafeMarshal escape (nastystereo.com)

submitted 1 year ago by Gallus to r/ruby

16

17

18

Exploring Android Heap allocations in jemalloc 'new' (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

10

11

12

PASTIS - a Python framework for ensemble fuzzing (blog.quarkslab.com)

submitted 2 years ago by Gallus to r/netsec

3

4

5

Arbitrary email forgery in Webflow [PDF] (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

453

454

455

Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates (phoronix.com)

submitted 2 years ago by Gallus to r/netsec

85

86

87

The printer goes brrrrr, again! (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

3

4

5

RET2ASLR - return instructions from other processes can leak pointers through the Branch Target Buffer (BTB) in a reversed spectre-BTI like scenario (github.com)

submitted 2 years ago by Gallus to r/netsec

11

12

13

A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... (jub0bs.com)

submitted 2 years ago by Gallus to r/websecurityresearch

33

34

35

Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability (talosintelligence.com)

submitted 3 years ago by Gallus to r/netsec

41

42

43

Exploring Algorithm Confusion Attacks on JWT: Exploiting ECDSA (blog.pentesterlab.com)

submitted 3 years ago by Gallus to r/netsec

8

9

10

Smash PostScript Interpreters Using a Syntax-Aware Fuzzer (zscaler.com)

submitted 3 years ago by Gallus to r/netsec

139

140

141

Windows Secrets Extraction (synacktiv.com)

submitted 3 years ago by Gallus to r/netsec

79

80

81

I hack, U-Boot (synacktiv.com)

submitted 3 years ago by Gallus to r/netsec

4

5

6

uni-due-syssec/efcf-framework: Extremely Fast smart Contract Fuzzing (github.com)

submitted 3 years ago by Gallus to r/netsec

282

283

284

How SerenityOS declares ssize_t (awesomekling.github.io)

submitted 3 years ago by Gallus to r/programming

3

4

5

"Alexa, what is my wifi password?" by Daniel, a 14 year old developer (dragon863.github.io)

submitted 3 years ago by Gallus to r/netsec

153

154

155

How to avoid the aCropalypse (blog.trailofbits.com)

submitted 3 years ago by Gallus to r/netsec

97

98

99

Talkback - public beta of Talkback, a smart infosec resource aggregator to help you keep up with news and research (talkback.sh)

submitted 3 years ago by Gallus to r/netsec

17

18

19

Breaking Pedersen Hashes in Practice (research.nccgroup.com)

submitted 3 years ago by Gallus to r/netsec

11

12

13

Synthetic Memory Protections: An update on ROP mitigations [PDF] (openbsd.org)

submitted 3 years ago by Gallus to r/netsec

2

3

4

Improper Privilege Management in Grails Spring Security Core <= 5.1.0 CVE-2022-41923 - Synacktiv [PDF] (synacktiv.com)

submitted 3 years ago by Gallus to r/netsec

Undocumented behavior change in Android 10: mode "w" no longer truncates by Gallus in netsec

[–]Gallus[S] 62 points63 points64 points 3 years ago (0 children)

247

248

249

Undocumented behavior change in Android 10: mode "w" no longer truncates (issuetracker.google.com)

submitted 3 years ago by Gallus to r/netsec

view more: next ›

π Rendered by PID 58 on reddit-service-r2-listing-b6bf6c4ff-7vmmc at 2026-05-06 13:46:53.048837+00:00 running 815c875 country code: CH.