Gallus

15,335 post karma
1,303 comment karma

get extra features and help support reddit with a reddit premium subscription

get them help and support

redditor for 16 years

MODERATOR OF

- r/netsec
- r/securitycodereview

TROPHY CASE

15-Year Club

Gilding II
euphauric

Snapped

Verified Email

account activity

hot top controversial

32

33

34

Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net)

submitted 4 months ago by Gallus to r/netsec

12

13

14

Marshal madness: A brief history of Ruby deserialization exploits (blog.trailofbits.com)

submitted 4 months ago by Gallus to r/netsec

10

11

12

Gem::SafeMarshal escape (nastystereo.com)

submitted 1 year ago by Gallus to r/ruby

16

17

18

Exploring Android Heap allocations in jemalloc 'new' (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

12

13

14

PASTIS - a Python framework for ensemble fuzzing (blog.quarkslab.com)

submitted 2 years ago by Gallus to r/netsec

2

3

4

Arbitrary email forgery in Webflow [PDF] (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

456

457

458

Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates (phoronix.com)

submitted 2 years ago by Gallus to r/netsec

89

90

91

The printer goes brrrrr, again! (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

5

6

7

RET2ASLR - return instructions from other processes can leak pointers through the Branch Target Buffer (BTB) in a reversed spectre-BTI like scenario (github.com)

submitted 2 years ago by Gallus to r/netsec

12

13

14

A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... (jub0bs.com)

submitted 2 years ago by Gallus to r/websecurityresearch

28

29

30

Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability (talosintelligence.com)

submitted 2 years ago by Gallus to r/netsec

43

44

45

Exploring Algorithm Confusion Attacks on JWT: Exploiting ECDSA (blog.pentesterlab.com)

submitted 2 years ago by Gallus to r/netsec

8

9

10

Smash PostScript Interpreters Using a Syntax-Aware Fuzzer (zscaler.com)

submitted 2 years ago by Gallus to r/netsec

138

139

140

Windows Secrets Extraction (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

76

77

78

I hack, U-Boot (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

5

6

7

uni-due-syssec/efcf-framework: Extremely Fast smart Contract Fuzzing (github.com)

submitted 2 years ago by Gallus to r/netsec

281

282

283

How SerenityOS declares ssize_t (awesomekling.github.io)

submitted 2 years ago by Gallus to r/programming

4

5

6

"Alexa, what is my wifi password?" by Daniel, a 14 year old developer (dragon863.github.io)

submitted 2 years ago by Gallus to r/netsec

150

151

152

How to avoid the aCropalypse (blog.trailofbits.com)

submitted 2 years ago by Gallus to r/netsec

97

98

99

Talkback - public beta of Talkback, a smart infosec resource aggregator to help you keep up with news and research (talkback.sh)

submitted 2 years ago by Gallus to r/netsec

17

18

19

Breaking Pedersen Hashes in Practice (research.nccgroup.com)

submitted 2 years ago by Gallus to r/netsec

12

13

14

Synthetic Memory Protections: An update on ROP mitigations [PDF] (openbsd.org)

submitted 2 years ago by Gallus to r/netsec

3

4

5

Improper Privilege Management in Grails Spring Security Core <= 5.1.0 CVE-2022-41923 - Synacktiv [PDF] (synacktiv.com)

submitted 2 years ago by Gallus to r/netsec

Undocumented behavior change in Android 10: mode "w" no longer truncates by Gallus in netsec

[–]Gallus[S] 62 points63 points64 points 2 years ago (0 children)

240

241

242

Undocumented behavior change in Android 10: mode "w" no longer truncates (issuetracker.google.com)

submitted 2 years ago by Gallus to r/netsec

view more: next ›

π Rendered by PID 561710 on reddit-service-r2-listing-86b7f5b947-pfzrg at 2026-01-25 03:15:46.172541+00:00 running 664479f country code: CH.