Luke Young – Medium

Luke Young

Pinned

In

bored.engineer

by

Luke Young

·

May 4

Building GitHub Canarytokens: A rant about Audit Log gaps

Insights from my (mostly) successful attempt to create API tokens and SSH keys for github.com that trigger an alert (including source…

Screenshot of a Slack message posted by “GitHub Canarytokens” containing a “GitHub Audit Log Alert”. Message contains the timestamp, token used, URL, action (“api.request”), source IP and User Agent (“GitHub CLI 2.90.0”). The raw event is attached as well as comment indicating the location where the token was stored (“Stored in ~/.netrc on self-hosted ubuntu GitHub Actions runners”)

Pinned

In

better appsec

by

Luke Young

·

Jun 10, 2021

Building a WebAuthn Click Farm — Are CAPTCHAs Obsolete?

How I built a click farm to “bypass” Cloudflare’s CAPTCHA killer with some cheap USB security keys, an Arduino, and a bit of python.

6 lite HyperFIDO keys connected to a USB hub and attached to a Raspberry Pi

In

bored.engineer

by

Luke Young

·

Dec 1, 2022

XSS on account.leagueoflegends.com via easyXDM [2016]

This post contains a chain of vulnerabilities I responsibly disclosed to Riot Games in November of 2016. I’m publicly disclosing it now as…

A browser alert box from ‘account.leagueoflegends.com’ indicating successful exploitation of the XSS issue

In

bored.engineer

by

Luke Young

·

Aug 2, 2017

DEF CON 25: Slides and Source Code

In

bored.engineer

by

Luke Young

·

Aug 6, 2016

DEF CON 24: Slides and Exploit

Here’s the slides and exploits from the DEF CON 24 talk in Las Vegas, NV. Video to follow in a few weeks.

In

bored.engineer

by

Luke Young

·

Jul 22, 2016

git init && git commit -a -m “Initial Commit”

I decided to relaunch my blog with my recent domain name change. It’s unlikely I will migrate the old content, but look forward to my…

Luke Young

Luke Young

I find bugs and exploit them. Sometimes for money, mainly for T-Shirts - https://www.linkedin.com/in/bored-engineer/ - All opinions are my own.

Help

Status

About

Careers

Press

Blog

Store

Privacy

Rules

Terms

Text to speech