How it began

Although this is my first post I have been searching for vulnerabilities since 1998. Back then it was mostly unsafe php includes and evals,  and there were a lot them. I can remember them all, but funnily enough some still show up in google searches. But I doubt anyone will be interrested in those anymore so I’ll try to write more about my recent work. Most of my research I sell to either ZDI or iDefense so I wont be able to disclose much of them untill they are published. But since Im not a strong believer in fulldisclosure anyway I have no problem with that :) For some of my work I will post POC and detailed analyses when I have the time, others I wont even mention.

Recently I found quite a few holes in IE8, but since all most of them are still being undisclosed I wont post anything about those yet. I will start soon with some posts about older stuff just to get the hang of it for myself.

For those who are interrested: here is a quick list of my findings.