Joshua Rogers

I recently decided to fork and maintain a new version of the Gixy nginx security tooling, calling my fork Gixy-Next. The official website is https://gixy.io/, and the source code is available on GitHub at MegaManSec/Gixy-Next. The Python package is availa... See more

This year, I’ve reported more issues via bug bounties than perhaps the past 10 years combined. The issues were all in completely random places, and the only reason they were reported via bug bounty programs is because it is generally impossible to get a h... See more

Some time ago, a friend of mine and I hired a helicopter to fly us from Vienna, to Wrocław. The story regarding this is, in my humble opinion, extremely funny, albeit long. Therefore, I decided to write it up so instead of explaining it for ~45 minutes ea... See more

In my last two posts, I outlined different stories about my experiences dealing with developers that had offloaded their work to low-quality LLMs, resulting in frustrating performance degradation. Today, I’ll be writing about a similar experience, wherein... See more

In October, I reported two security issues to Okta’s auth0/nextjs-auth0 project, here and here. The latter bug, an oauth parameter injection, allows for a range of types of abuse, like scoping tokens for unintended services, setting redirect_uri and scope... See more