Hacking My Bank

I have around 17 years' experience in making people feel bad. I do this by finding errors in their code. I like to think I'm pretty good at it.

My computing hobby developed into a career as marketing services moved online. Converting knowledge from my hobby to improve the efficacy of marketing campaigns was easier than hacking my bank... Or so I thought.

I was recently employed by a leading marketing agency, located in Brighton. They are owned by a large multinational conglomerate which reported an annual revenue of $10 billion in 2014...


Mocking the military

Disclaimer: This probably isn't safe for work.
Bad language, political views, and Oxford commas aplenty.

"Mocking the military; Hacking the hackers" is a pretty clickbaity title, but apt. This article covers a few basic cross-site scripting bugs in websites owned by the Department of Defence and Ghost Security. The idea is to highlight how even the most security-conscious among us can forget to check for basic exploits.


Scoot.co.uk XSS

I am an SEO engineer at heart. Always on the lookout for opportunities from which links and/or citations can be gleaned. Often, while looking for link placements, I find sites with security vulnerabilities. I always try to work with affected sites to help secure the attack vector, with mixed results. More often than not the sites get patched and everyone is happy. Sometimes I get ignored. Sometimes I get a generic "we will fix it" reply but the exploit gets ignored. The site in question passes the information stored on its site onto several authoritative websites in the UK, some of which are the biggest news organisations we have…


An XSS attack in action

Cross-site scripting attacks, commonly called XSS, are becoming more and more prevalent as the power of JavaScript has evolved way beyond simple DOM manipulation. Using the power of embedded JavaScript can be beneficial for an attacker for several reasons including, but not limited to…