top of page
Intro to Sandbox Escapes: From JS Engine Exploit to Full Privilege Code Execution
Browser Sandbox Basics: Modern browsers use sandboxing to isolate code execution (especially untrusted JS) from the rest of the OS. It...
Apr 10
InQuizitive: Client-Side Injection, LMS Trust Bypass, and Stored XSS
This write-up documents a critical client-side vulnerability in the W. W. Norton InQuizitive assessment platform. The vulnerability...
Apr 9
bottom of page