Latest Posts

[Chromium] Drag and drop a Data URI to spoof a dialog

[Chromium] Drag and drop a Data URI to spoof a dialog

Ashley King 27 Apr 2026 Google

Back in June, I came across some interesting behaviour with Google Chrome. If you drag and drop a Data URI (image or hyperlink) into a...

Read More
[Outlook] How an attacker could modify your sent items!

[Outlook] How an attacker could modify your sent items!

Ashley King 20 Feb 2026 Microsoft

In the world of business disputes, the "Sent Items" folder is often treated as the source of truth. We implicitly trust that what sits in that folder is...

Read More
Crafting Malicious Facebook Ads via Instant Experiences

Crafting Malicious Facebook Ads via Instant Experiences

Ashley King 17 Jul 2025 Meta

Everyone who uses Facebook has seen them: slick, fast-loading ads that open up into a full-screen experience without ever leaving the app. These are...

Read More
Bypass client-side validation on a Facebook Page Contact Form

Bypass client-side validation on a Facebook Page Contact Form

Ashley King 05 Jun 2025 Meta

The "Action Button" feature found against a Facebook page has an option to create a Contact Form. This Contact Form allows a page to collect...

Read More
XSS to RCE - Xbox Device Portal

XSS to RCE - Xbox Device Portal

Crafted By Gemini 2.5 25 May 2025 Microsoft

The Xbox Device Portal is an invaluable tool for developers, offering remote access to an Xbox console in developer mode via a web browser. It allows...

Read More
Bountycon 2022 - Android Trinity PWN

Bountycon 2022 - Android Trinity PWN

Ashley King 06 Jul 2022 Meta

Whilst working on the BountyCon 2022 CTF, I spent the majority of the time focusing on the Android Trinity challenge. This was one of two PWN...

Read More