


You can call me Sam. I live in Portland, Oregon and spend a lot of time on the internet. I like web development, security research, and games. I did Drupal for a long time, but am trying my hand at security engineering now.


The latest from my mind to yours

Taking my work private

After a few weeks of mulling, I've decided to start doing more of my work in private, and drop most of my obligations with open source projects I maintain or contribute to.

Promoting jQuery JSON to JSONP to trigger XSS

I’ve done quite a bit of security research for Drupal, and one area of exploitation that I often come back to is the AJAX API. Drupal’s AJAX API is built on top of jQuery, and lets developers easily add interactive behavior to the frontend.
