Public Writing

I guess I am a writer. At least, I have written in public enough that I could be called a writer. Here is a list of some of the articles I have written for third parties and for my workplace.

2023
MasterWP The problem with misinformation in WordPress security
Patchstack Solving Unpredictable WP-Cron Problems, Addressing CVE-2023-22622
Let us see what 2023 brings …
2022
MasterWP Rebuttal: How Patchstack is improving WordPress security
Patchstack Patching an XSS Security Bug in “add-comments” Plugin
Patchstack Patching an Arbitrary User Creation Security Bug in “thecartpress” Plugin
Patchstack Patching a Broken Access Control Bug in the “account-manager-woocommerce” Plugin
Patchstack Patching an Arbitrary File Download Vulnerability in “wsm-downloader” Plugin
Patchstack Patching Remote Code Execution in the “member-hero” Plugin
Patchstack Patching an Arbitrary Plugin Disablement Bug in the “webmaster-tools-verification” Plugin
Patchstack A “New” Bug – PHP Object Injection via Insecure Instantiation
Patchstack Patchstack App Tutorial: Writing Custom Firewall Rules
2022 brought a renewed focus on WordPress security, including a series where I patch publicly disclosed vulnerabilities.
2019
SecJuice Brief History of Juice Jacking
Pagely Can WordPress Developers and Security Researchers get along?
Pagely The Short History of Unauthenticated Site Options Update Vulnerabilities
In 2019 I tested the waters of freelance writing.
2017
Pagely The PHP Object Injection Odyssey
Pagely PHP Object Injection and Insecure Unserialize in WordPress
Pagely How to Address Object Injection Vulnerabilities in PHP
Pagely Exploring the ExploitBox Unauthorized Password Reset Vulnerability
More public records of observations of attacks against WordPress websites.
2016
Pagely One Rogue Plugin: A noncanonical Star Wars and WordPress security story
Pagely The Wild West of Bots and Brute Forces
Pagely Tracking WP PHP Object Injection Attackers in November
In 2016 I joined Pagely and began writing about WordPress security concerns from the front line.
2014
Trustwave (Spiderlabs) Leveraging LFI to compromise WordPress websites
Trustwave (Spiderlabs) Detecting A Surveillance State – Part 1 Hardware Implants
Trustwave (Spiderlabs) Detecting A Surveillance State – Part 2 Radio Frequency Exfiltration
Trustwave (Spiderlabs) Detecting A Surveillance State – Part 3 Infected Firmware
Trustwave (Spiderlabs) Detecting A Surveillance State – Part 4 Cellular Attacks
In 2014 I pivoted to privacy and state actor concerns; this research led to a public presentation at DefCon.
2013
Trustwave (Spiderlabs) Jamming with WordPress Sessions
More research, now with WordPress and web applications.
2012
Dreamhost An Article About Authentication
Dreamhost How to Safely Use Permission Settings
Trustwave (Spiderlabs) Abusing the Android Debug Bridge
I began adding original research when I began working for Trustwave Spiderlabs.
2011
Dreamhost Dissecting Website Attacks: What You Should Know
I got my start writing FYI posts for Dreamhost customers.