Home | Samuel Mortenson

You can call me Sam. I live in Portland, Oregon and spend a lot of time on the internet. I like web development, security research, and games. I did Drupal for a long time, but am trying my hand at security engineering now.

Blog

The latest from my mind to yours

Drupal Services SQL injection - don't trust abstractions

Drupal doesn’t have many SQL injection vulnerabilities anymore, at least not since the original Drupalgeddon was released into the wild. So what makes Drupal so safe? Abstractions of course!

Drupal services private file access bypass via IDOR

There’s a feature in Drupal that not a lot of people know about, but is a great target for security research - private files. Private files allow you to upload files to a non-public directory on your server, then serve them through Drupal instead of through your HTTP server.

Making a multiplayer game with Go and gRPC

Recently I’ve started to pick up a new programming language, Go, but have struggled to absorb lessons from presentations and tutorials into practical knowledge. My preferred learning method is always to work on a real project, even if it means the finished work has loads of flaws.

Building my site with Tome and Single File Components

I've just finished re-building my site using Tome and Single File Components (SFC), two Drupal projects I maintain and wanted to test out on a real site. If you're reading this post, you're already on my new website! Hope it's working OK so far.

Work

Featured

Tome

A static site generator for Drupal

As I started to use static site generators like Jekyll and Gatsby, I started to wonder why Drupal couldn't also be used as a static site generator. After a ton of work, more than any on any Drupal module I've made, I created Tome, a static site generator for Drupal 8 that stored content, config, files, and HTML statically.

All work

Gallery

A small CRT TV and a variety of retro consoles.

Samuel
Mortenson