WebAssembly is exciting at first glance but quickly turns into an adventure in software archeology. You spend most of your time piecing together clues from abandoned sites (github projects) and ancient texts (websites) searching for the holy grail.

While waPC is not the holy grail, it’s a satisfying solution to…


An application platform honed by attackers

I’ve been heads down for a long time and I’m finally able to come up for air. World, meet Vino Technologies, Inc. We’re building a composable application platform. A platform that gives back what you put in and makes us all faster the more we use it.


Photo by Asa Rodger

Every day we use a programming pattern that makes software needlessly expensive to build and maintain. It causes countless bugs and security vulnerabilities. It needs constant refactoring. It’s difficult to test, it’s tedious to document, and it’s flexibility makes every implementation a unique snowflake that leads to unending code duplication.


A few weeks ago I decided to take PTO to focus on understanding the current state of Rust and Web Assembly (WASM), two promising technologies that look completely unrelated. …


Screenshot of Hackium and the REPL

with shift-refactor and shift-interpreter

I’m super excited to release Hackium, shift-refactor, and shift-interpreter — three tools that I’ve been using to analyze, automate, and manipulate web sites for the past year. These projects have been a long time in the making, they incorporate techniques I started playing with 20+ years ago. …


Puppeteering for fun and outerwear

I wouldn’t say I have a problem. I have an inclination. I like to take things apart and change how they work. As a kid I’d stay on the computer all night poking at bits in memory trying to change a program’s behavior. Most programs would just break. …


The result of one week of deepfake experimentation

How easy is it to create a deepfake?

This is my experience getting started with deepfakes using DeepFaceLab. This article chronicles the general steps I went through to create a deepfake video to demonstrate how advanced the technology has gotten and how simple it is to use. …


Photo by Samuel Zeller on Unsplash

Get started with Node & GCP

The serverless trend is the latest evolution of network application architecture. You no longer need to think about the hardware, the OS, or even the running application. Deploy nothing more than the lines of code you need to run wrapped in a node.js function.

Deploying serverless functions to Google’s Cloud…


Transform, manipulate, and deobfuscate JavaScript with shift-refactor

For the last few weeks I have live streamed several reverse engineering and deobfuscation sessions. In these sessions I’ve been using an up-til-now unpublished library.

Today I am publishing a preview version of shift-refactor that you can install via npm:

$ npm install shift-refactor

What does shift-refactor do?

shift-refactor is a general purpose…


Image courtesy of https://unsplash.com/photos/B4op5oZ4x5Q

An attacker allegedly gained access to an npm user account and published modules that broke dependents. But why?

On July 12th Harry Garrood posted a personal blog entry outlining deliberate sabotage aimed at the PureScript installer. Two separate dependencies, both owned by a user who goes by @shinnn, targeted the npm package purescript-installer with malicious code using techniques that I've seen in exploits by other attackers. …

Jarrod Overson

I write about JavaScript, Reverse Engineering, Security, and Credential Stuffing. Also a speaker, O'Reilly Author, creator of Plato, Director at Shape Security.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store