dkasak’s hastily set up homepage

About

I’m a security researcher, bug hunter and programmer from Croatia. I’ve begun my security research career several years ago working on native application securityDuring which I became one of the top researchers in Shopify’s former shopify-scripts program on HackerOne, hacking mruby. Later reports there were submitted in collaboration with my colleague dgaletic, while on some earlier reports I collaborated with poljar.

, but have since broadened to web and API security and pentesting. I have a special interest in fuzzing and the practical application of formal methods to enhance my security work.

As a programmer, I lean towards functional techniques and strong type systems (i.e. Haskell, Idris, Rust) but I'm also proficient in Python, C, C++ and JavaScript.

Apart from these computer science topics, I have broad interests which include mathematicsMathematical logic, type theory, probability theory, etc.

, physics, music theory and so on.

This page was set upUsing pandoc and tufte-css.

when I wanted to publish an Intigriti challenge writeup but I’ll probably be writing more stuff in the future.

Writeups

• My solution to Intigriti’s 5K DOM XSS challenge
• Live reloading of multi-module mitmproxy scripts
• Adventures in fuzzing libolm
• Importing Markdown into Google Docs

CVEs

• CVE-2020-26890
• CVE-2020-26891
• CVE-2021-34813