Alok Menghrajani

Security engineer at Square. Previously co-author of Hack and put the 's' in https at Facebook. Maker of CTFs.

Contact me | Github | Twitter | Facebook


Last post

3D printed chess set

Thoughts on web security & privacy


Advent of code 2016

Building multi-master distributed systems using feeds

Year of Plenty

My $3/month backup setup

Exploring 3 insecure usage of RSA

The hardware CTF

Programming an at89s4051 with an Arduino

On the design of Hack

AFOL (adult fan of Lego)

Voting experience for a Swiss expat


Crypto white elephant gift exchange puzzle

Three cylinders: random geometry geekery

Interested to work at Square?

A simple yet robust approach to sanitizing user supplied HTML and CSS

µ mod player from scratch

A few (easy | fun) math puzzles

Reporting "authenticity_token is not random across page loads" to a bunch of companies

A chess engine to improve my Golang-fu

My experience serving in the Swiss army

git rebase + conflicts with deleted files

Bootloader + retro game in a tweet

A simple, auditable and anonymous voting scheme

Hackerone for open source projects

Open sourcing Keywhiz: Protecting infrastructure secrets

PGP 'quine': a key where the user == the key's fingerprint

WebRTC leaks internal IP addresses

Detecting incognito mode in Chrome

Message Board over PGP Key Servers


A less error prone HMAC-based hash construction
or how to avoid shooting yourself in the foot with HMAC

Forth Haiku
mixing math, art and Forth

I am working at Square

Abusing JSON Esolang

Dodecahedron Folding

Rough thoughts on Login Systems

(minor) WTF Openssl

Prolog program to solve "inverting three signals" puzzle

2048-undo: a modification to 2048 which lets you undo as many moves as you wish


CSRF & state mutation on read requests

Universal logic gates

Various wood (and non-wood) projects using lathes, laser cutters & 3d printers

JSONP & handcrafted Flash files

qrquine: a QR code based quine

Piet: a language where programs are works of modern art

WTF Python

Ten Technology Ideas

Obfuscated coding contest

Do you know your bitwise operators?

Arduino: showing information from a GPS on a LCD

Combining React and Firebase: sample TicTacToe game & chat widget

Secure browsing by default (https @ Facebook, part 2)

Some dark corners of C (Rob Kendrick)

GIF encoder from scratch

Sum of first n natural numbers

A perpetual calendar in JavaScript

a linter and visualizer for regular expressions

Mapping an IP address to an ASN

Random list of extinct web or software technology

Javscript model of Ackermann steering

Regular expression to match multiples of 3

WTF jQuery

FAT12 file system "driver" in javascript

WTF Adobe! Adobe Flash: a quirk in TextFields

2012 and older

Types in web applications

Patent granted

Ray casting

étude sur l'utilisation des moyens informatiques à l'UNIL (in french)

Maze mapper

Transparent PLD use from Java

Teaching assistant experience

License Plate Recognition

Operating System Design & Implementation

Compiler design & implementation


Mobile payments

Writing Your Own Unix Shell

Mips microprocessor


Hugi: taquin

fun with HP-15C

Getting your first commit in an open source project

219 bytes tron: javascript size optimization fun

Facebook Rubik Cube in javascript

Taint support for PHP

PHP turtles: a list of things you might not know about PHP

A simple ray tracer in PHP

A Continued Commitment to Security (https @ Facebook, part 1)

LinearML: write safe, fast, parallel program without any garbage collector

(legally) Hacking my manager's Facebook account

Tab nabbing attack

Pastebin: easy way to share text

Synergy: a software keyboard & mouse switch

Slax 6.0 released

TigerTeam TV Show

Managing passwords with Keepass

Covert communications: subverting Windows applications (pdf)

Mars Rover: a computer graphics project in OpenGL

A VGA controller in VHDL

Adaptive Machines

Building Virtual Worlds

Binary Adder (transistor-less)