Calif
A history of device-bound cookies
The recent announcement from Google about Device Bound Session Credentials (DBSC) sent me down memory lane.
Aug 24
•
Thai Duong
“Vibe Hacking”: Abusing Developer Trust in Cursor and VS Code Remote Development
Update: Mauro Soria pointed out that this attack vector can be easily adapted for phishing scenarios:
Aug 18
July 2025
Partnering with Google to Strengthen Open-Source Crypto: An Mbed TLS Security Audit
By Linh Le and Ngan Nguyen
Jul 5
April 2025
Oracle SSO, SOS
You've probably seen the news: Oracle Cloud got popped, exposing 6 million records from over 140,000 tenants.
Apr 8
•
Thai Duong
March 2025
YouTube Threat Modeling
Last week, we delivered our first training session with YouTube engineers on the attacker's mindset and threat modeling.
Mar 25
•
Thai Duong
January 2025
Calif Ski Team
In Vietnam, we have three seasons: hot, hotter, and damn hot!
Jan 2
•
Thai Duong
December 2024
CVE-2024-10382: Arbitrary code execution in Android Auto and various apps
In July 2024, Google engaged Calif to audit Android Automotive OS (AAOS) and Android Auto.
Dec 18, 2024
•
Khanh and Linhlhq
November 2024
What we do when we aren't hacking you
In my last year as a teenager, I worked as an IT assistant for Mr.
Nov 30, 2024
•
Calif
September 2024
Building new hospitals in Vietnam
Two years ago, when a close friend of the family (let's call him D) was sick, I took him to tour the hospitals in Saigon.
Sep 20, 2024
•
Calif
August 2024
Wormable Substack XSS
We found a stored Cross-Site Scripting (XSS) vulnerability in Substack.
Aug 12, 2024
•
Khanh
July 2024
Type confusion attacks in ProseMirror editors
Summary
Jul 16, 2024
•
Khanh
May 2024
Dissecting LockBit v3 ransomware
We analyzed a variant of LockBit v3 ransomware, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a…
May 2, 2024
•
Nhân Huỳnh, Hoang Nguyen, and Thai Duong