all glory to the hypnotoad
Name: Nick
Where: Security at Google Cloud
Web: https://nickg.ca
Opinions: My own, not necessarily my employer’s view etc
https://nickg.ca/#/posts/mcp-blog-api why did I add an MCP server to my blog? (To save you a click: no way to learn about something like implementing it)

Last week, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. https://docs.google.com/presentation/d/1rEPiqV0KBHAI0lVym283OHzYRXNCCuGudmDby1Z1qyc/edit?usp=sharing
Intro to Browser Security Research

How to Find Vulnerabilities in Web Browsers (An Introduction to Web Browser Security Research) Ivan Fratrić, Google Project Zero 2025


I wrote a little post about my experience with using Cursor for a couple hours.

https://nickg.ca/#/posts/cursor


Given it’s international women’s day, I’d like to encourage you all, but especially Dutch men to read these ‘anti-acknowledgments’ in a PhD thesis. This is not from somewhere else, it’s from Delft. And it’s not from the 1950s, but from the present. Unfortunately what academic life and culture in The Netherlands is still like. The author is just one of the few who actually spoke up about it, but there are many stories like it.

(Alt at https://pastebin.com/cqLvxX1f)


Related to this, I was once filling out a background check while joining a new job. I was annoyed about it because I didn’t want to share my personal information with a sketchy site but my new employer wasn’t interested in alternatives to accomplish their objectives in the background check. So when I was picking a password for this site I picked a few random letters and then added on one of the standard SQL injection strings like ' or 1=1-- and thinking to myself it would all go into a password hash anyway so it didn’t matter.

It did matter, because the site then banned me from the platform. I now had no way of completing the background check and I started to panic a bit, thinking that I might not get this job I really wanted.

Thankfully it turned out they had only banned my IP address, so filling out the information from somewhere else was enough to get it working again. https://infosec.exchange/@lcamtuf/114002752430755212

lcamtuf (@lcamtuf on infosec.exchange): Every time you deploy an "application firewall" to production, an angel loses its wings

In case it wasn't posted here already, Project Zero is hiring!
See https://goo.gle/41DBQBY
Senior Security Engineer, Security Research — Google Careers

ever wonder how you get cell service inside large buildings? they install antennas on the roof and use air-line coaxial cables, like this one, to connect them to antennas on the inside.
Oh look, it’s me 🤣😅

Applied cryptographers during the holidays looking at novel cryptosystems be like:

That's not a foot-gun, it's a missile-toe!

I started trying to clean up some code so it’s less embarrassing to share it, and I’ve instead ended up adding major new functionality and I still need to clean it up.