Talks and Presentations

  • Invited Talk for Team Bi0s - Argument Injection (Video & Slides)
  • HITB GSEC 2018 - Surprise Rant 2.0 (Video)
  • OffensiveCon 2018 - Surprise Rant (Video)
  • Ekoparty 2016 - Let Me GitHub That For You (2016 Argentinian Edition) (Video)
  • Hacktivity 2015 - Your Web app, those hackers & you (Video)
  • HackPra 2015 - Bug Tales (Video)
  • Hackito Ergo Sum 2014 - Ruby on Rails exploitation and effective backdooring
  • t2-2013 - <3 Ruby on Rails <3
  • HITB Amsterdam 2013 - Attacking Ruby on Rails Applications
  • ZeroNights 2012 - They told me I could be anything, so I became BAh7BkkiDHVzZXJfaWQGOgZFVGkG
  • HITB Malaysia 2011 - Building and Breaking Ruby on Rails
  • Hackito Ergo Sum 2011 - Ruby On Rails From A Code Auditor’s Perspective (Video: part 1, part 2, part 3)
  • Berlinsides 2010 - Ruby On Rails From A Code Auditor’s Perspective

Blogposts

GitLab

Recurity Labs

Phenoelit

Papers

  • Attacking Ruby on Rails Applications - Phrack 69
  • A Vulnerability in Reduced Dakarand from PoC||GTFO 01:02 - PoC||GTFO 02:09

Trainings