
ABOUT

ROBERT HANSEN

A brief note on why this page exists: This should be a Wikipedia article but Wikipedia does not consider YouTube or blogs to be authoritative, even if they are written by the person in question, despite there being no better source of authoritative data than the source. Therefore, there is no objective way to write this page on Wikipedia without mass omissions of things that have occurred since much of what happened was on video, blogs, or websites of RSnake's own design. Also, Wikipedia heavily frowns on attempts to build one's own page even if that means massive amounts of background will largely be missed by whomever takes up the task. The idea is to be as objective as possible. However, one must ask, who could know a person's life better than the person of interest? Wikipedia doesn't have a concept of pre-seeding content, even if conflicts of interest are acknowledged upfront. Even still, in the spirit of what Wikipedia wants, the following is an attempt to make this page as neutral as possible for anyone who wants to dig into RSnake's background. To that end, there are omissions based on the fact that there are simply no reliable sources other than the content RSnake created himself.

 

Robert Hansen, also known as RSnake, is an American computer hacker, executive, and entrepreneur. He was the founder and CEO of SecTheory and the co-founder of Bit Discovery; after Bit Discovery was acquired, he became the Deputy CTO of Tenable.[1][33] He has previously worked at eBay, WhiteHat Security (now Synopsys), Realtor.com/Move.com, Cable & Wireless plc America, ValueClick and Silicon Alchemy. He founded the ha.ckers.org web application security lab.

RSnake is best known for his security research and disclosures such as Slowloris, Clickjacking, the Fierce DNS enumeration tool, XSS filter evasion, DNS rebinding, Content Security Policy and Python NaN Injection.

See below for more detail.

  • From 1995 to 1998 RSnake studied computer engineering at California State University, Chico. At CSU Chico, the computer engineering degree was a hybrid degree mixing computer science and electrical engineering. He left school before attaining the degree.

     

    • WebFringe.com
      While attending Chico State University, RSnake started webfringe.com, a site that was designed to fix the issues with the second webring on the Internet called "the Fringe of the Web", which had been started by a hacker calling himself "Bronc Buster". RSnake built a self-healing top 100 list to keep the few hacking sites on the Internet interconnected. The issue with webrings being that when enough sites go offline the webrings tended to no longer function as a link chain due to too many gaps, whereas top 100 lists only showed sites with actual traffic flowing to them.[2] [3]

     

    • EHAP
      While attending CSU Chico, in June of 1996, RSnake co-founded a nonprofit organization named EHAP (Ethical Hackers Against Pedophilia), which included other hackers such as Genocide2600[4] [5] Tattooman, Silicon Toad, Chalk and more. EHAP purported to be responsible for uncovering the identities of a number of online pedophiles and associated groups. [6] [7]

    • Silicon Alchemy
      While at Silicon Alchemy, where he was the Chief Operations Officer, RSnake worked with Bronc Buster on architectural designs for software called Peekabooty, which was a precursor to Tor.[3]

      RSnake also gave his first public speech at the Black Hat Briefings in Las Vegas, NV in 2001 on the hardening of .htaccess files based on his experiences identifying and thwarting automated brute force attacks.[8]

     

    • Cable & Wireless America
      RSnake joined Digital Island which was merged with Exodus Communication and eventually turned into Cable & Wireless America. He began his career at the company as a programmer and left after being promoted to product manager. While at Cable & Wireless America, RSnake worked with Jeremiah Grossman to create intranet port hacking - a technique by which the browser's internal access to a network is a conduit for malicious HTML and JavaScript to attack internal resources.[9] [10]

     

    • EBay Inc
      RSnake was the Sr. Global Product Manager of Trust and Safety at eBay. During his time there, he invented the idea of Content Security Policy as a means to defeat stored and reflected cross-site scripting. During his tenure at eBay RSnake founded ha.ckers.org, a hacker-centric web application security lab and blog and sla.ckers.org, a forum for web application security experts.

     

    • Realtor.com/Move
      RSnake was the director of product management for Realtor.com/Move Inc in charge of various systems, like mapping. It is where RSnake began blogging on ha.ckers.org, after having left eBay.

     

    • SecTheory
      In 2007 RSnake co-founded SecTheory LLC and shortly thereafter moved to Austin, Texas where he continued doing Internet security research while consulting.[36] He began by attacking the authentication system at Acutrust using entropy attacks.[11] The XSS cheatsheet was built to evade filters that might prevent attackers from injecting Cross-Site Scripting.[12]

      In 2008 Tom Stracener and RSnake co-presented at the DEF CON security conference in Las Vegas, NV on the topic of "Xploiting Google Gadgets: Gmalware and Beyond". [23][44] The attack used malicious Google Gadgets to phish users and leak sensitive information. After this talk RSnake joined the Black Hat Briefings speaker review board. [24]

      RSnake worked on two DNS-related projects: DNS rebinding research[13] and the Fierce DNS enumeration tool which was capable of using brute force enumeration to identify assets of a target domain in 2009. [14] Adding to the groundswell of intranet port scanning research, RSnake introduced the concept of RFC1918 cache poisoning, which used the browser's cache and overlapping RFC1918 space to compromise networks that an adversary would not normally have access to.[15][35]

      RSnake built a denial of service tool called Slowloris which used partially complete HTTP requests in parallel to deny service to Apache websites. Slowloris was used during the 2009 Iranian presidential election protests to take down leadership websites.[16]

      Shortly thereafter, RSnake and Jeremiah Grossman co-authored a new exploit class called Clickjacking (also sometimes referred to as Likejacking or UI redressing). The official presentation had to delay details of the exploit due to a request by Adobe to fix the vulnerability in Flash prior to public disclosure.[17] [18][37][38][39][40]

      RSnake and James Flom co-created Falling Rock Networks, which was a productized version of the ha.ckers.org's hardware and software stack which heavily utilized Berkeley Software Distribution Chroot jails.[19]

      In 2010 and during his time analyzing HTTPS, RSnake and Josh Sokol presented at the Black Hat Briefings a collection of two dozen HTTPS side-channel attacks in a presentation dubbed "HTTPS can Byte Me".[20] Shortly thereafter, in December 2010, RSnake wrote his 1000th blog post and officially ended his blogging on ha.ckers.org. [21] In 2012 RSnake, by way of SecTheory, was involved in the DFIR work after Anonymous hacked Stratfor.[22]

      While running SecTheory with RSnake, James Flom located a Carnivore device in their network, which ultimately led RSnake to file a FOIA request. The CIA gave a Glomar response. [25] On RSnake's Facebook page, he said that the FBI on the other hand “said that my case file was 469 pages, of which they were going to delete 419 before they even sent it to me. That left 50 pages. Those 50 pages though, were just the boilerplate case file and every single page is 100% redacted.”

      SecTheory was officially handed over to James Flom in 2013 to run the company after the Subprime mortgage crisis which had a large financial impact on the consulting practice.[3][46]

     

    • WhiteHat Security (now Synopsys)
      Jeremiah Grossman hired RSnake to be a director of product management at WhiteHat Security. RSnake was quickly promoted to the title of Vice President of Labs, where he helped launch Aviator, which was a short-lived privacy-focused alternative to Google Chrome built on Chromium.[26]

      During his tenure at WhiteHat, RSnake issued a warning about Anonymous having been compromised by nation states on VICE Cyberwar. [27] Subsequently, RSnake has explained how he knew that to be true in a conversation with Mike Jones on the H4unt3d Hacker podcast. [25]

      RSnake began to collect and compute magic hashes, which allow adversaries to use collisions to break into web applications when certain types of numeric comparison are made against existing hashes that collide with the numeric representation of zero.[28]

      In 2015 RSnake downloaded the North Korean Red Star OS and ran tests to identify issues with the Nanera browser, which led to the understanding that the entirety of North Korea is using RFC1918 address space.[29]

     

    • OutsideIntel/Bit Discovery/Tenable
      In 2018 Bit Discovery acquired RSnake's corporate intelligence platform, OutsideIntel. In 2021, RSnake created a new type of attack called NaN Injection within Python. [30] NaN refers to "Not a Number", which, when injected into vulnerable Python code, potentially allows an adversary to do many different dangerous things such as privilege escalation, denial of service, incorrect comparison operations, and more. The maintainers of Python via Red Hat responded with, "Python is a fully featured programming language, it allows you to write all kinds of programs, including insecure ones." As such, Python remains vulnerable as there appear to be no plans to fix NaN Injection, issue an associated CVE or author guidance to developers.

      On June 6th, 2022 Bit Discovery was acquired by Tenable Inc.[33][34] RSnake became the Deputy CTO managing the WAS and EASM programs for Tenable, after which he left on his 1 year anniversary.
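
      The "incorrect comparison operations" effect of NaN Injection described above, shown as an added example that is not code from RSnake's research or from any real application. The withdrawal functions, the JSON helper and all sample inputs are constructed for illustration; each vulnerable form sits beside a hardened form.

```python
import json
import math


def withdraw_vulnerable(balance, raw_amount):
    """Constructed example: range checks written as 'reject if bad'."""
    amount = float(raw_amount)      # float("nan") parses without error
    if amount <= 0:                 # NaN <= 0 is False, so NaN is not rejected
        raise ValueError("amount must be positive")
    if amount > balance:            # NaN > balance is False as well
        raise ValueError("insufficient funds")
    return balance - amount         # the balance itself becomes NaN


def withdraw_hardened(balance, raw_amount):
    """Reject non-finite input first, then use an 'accept only if good' check."""
    amount = float(raw_amount)
    if not math.isfinite(amount):   # catches nan, inf and -inf
        raise ValueError("amount must be a finite number")
    # Fail-closed form: any comparison with NaN is False, so NaN cannot pass.
    if not (0 < amount <= balance):
        raise ValueError("amount out of range")
    return balance - amount


def parse_json_default(text):
    """json.loads accepts the non-standard NaN/Infinity literals by default."""
    return json.loads(text)


def _reject_constant(name):
    # json calls this hook for 'NaN', 'Infinity' and '-Infinity'.
    raise ValueError(f"non-finite JSON constant rejected: {name}")


def parse_json_strict(text):
    """Same parser, with non-finite constants refused at the boundary."""
    return json.loads(text, parse_constant=_reject_constant)


if __name__ == "__main__":
    print(withdraw_vulnerable(100.0, "nan"))        # poisoned balance
    print(parse_json_default('{"amount": NaN}'))    # NaN reaches the application
    for attempt in (lambda: withdraw_hardened(100.0, "nan"),
                    lambda: parse_json_strict('{"amount": NaN}')):
        try:
            attempt()
        except ValueError as exc:
            print("rejected:", exc)
```

      Once a NaN is stored it propagates through every later arithmetic step, so the check belongs where untrusted input is parsed rather than where the value is used.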

     

    • Civilized Entertainment
      In 2022 RSnake became an executive producer on the film "Lion Spy" featuring Rogue Rubin.[41]

     

    • The RSnake Show
      In 2022, RSnake created and executive produced a podcast entitled "The RSnake Show" that was purported to be "important conversations with people in the know."

      He wrote the book AI's Best Friend which documents the intersection of human and AI/AGI hallucinations and the complexity of the alignment problem.

    • Grossman Ventures
      In 2024, RSnake became a Managing Director of Grossman Ventures - an information security focused early-stage VC.

    • Sla.ckers.org Full Disclosure Stance
      In the late 2000s RSnake began a thread on the sla.ckers.org forum entitled "So it begins", a massive thread of cross-site scripting attacks that were found in hundreds and then eventually over 1000 different websites, proving how vulnerable modern web applications were. The majority of the flaws were found by RSnake himself. The thread ended up causing a backlash from a number of large companies and security vendors who were in favor of a non-disclosure policy whereby security researchers contact the companies privately, making it possible to fix the issues without attackers being able to leverage them. RSnake's point was that failing to publicly disclose the issues made it more difficult to explain the prevalence of security flaws in modern web applications.[45]

     

    • "10 Fucking Days"
      RSnake was involved in the "10 fucking days" imbroglio where Mike Shaver allegedly promised that he could fix any vulnerability in Mozilla's Firefox browser within 10 days. RSnake incredulously published a photo of Mike Shaver's business card with Mike's handwriting where he had scrawled the words "10 fucking days" which caused community backlash against Mozilla as this was seen as a challenge of sorts. The situation ultimately led to a recanting of this policy by Mozilla.[31]

     

    • Windows Help Centre Vulnerability
      Tavis Ormandy, a Google employee, found an issue within Windows Help Centre and disclosed it publicly without going through the responsible disclosure process. On his blog, RSnake challenged Google to follow its own rules and fire Tavis Ormandy or stop requiring other hackers to follow responsible disclosure rules. This led to backlash on RSnake's blog from the industry who felt that RSnake was unfairly calling for Tavis' termination and that the exploit was not Google sponsored despite the evidence that Tavis worked for Google and coordinated the disclosure with his manager at the time, Michał Zalewski.[32] Google eventually capitulated by starting Project Zero which largely solved the issue of how Google dealt with 3rd party vulnerability disclosures. RSnake ultimately stopped writing on his ha.ckers.org blog and eventually shut the site down after the 1000th blog post in part due to the incident. [3]

     

    • Hack The Pentagon
      In 2016 and after multiple invitations into the "Hack the Pentagon" program run by HackerOne, RSnake was apparently almost arrested by the United States Department of Defense for going out of scope during the reconnaissance phase of the government-sanctioned bug bounty program. The arrest never took place, presumably due to pressure from the US Digital Services on the Department of the Army to save face. This led to a change of policy that now allows hackers to safely disclose vulnerabilities that they may find in the DoD without fear of retribution. It is colloquially referred to as the "see something say something" policy.[25][42]

     

    • Musk vs Twitter
      In 2017, RSnake worked with an unnamed internal employee at Twitter to create a project designed to fix the perceived "bot problem" after the 2016 election. As a result of this unnamed Twitter employee's attempt to notify the executives and fix the problem, the employee was ultimately let go by Twitter and the project concept was abandoned. Unfixed, the bot problem eventually culminated in a lawsuit following Elon Musk's attempted takeover of Twitter, where the existence and prevalence of bots on the Twitter platform became the central issue involving the valuation of the company. [43]

     

    • Jan 6th Commission Report
      In 2022, RSnake discussed with both Morgan Warstler and John Robison their involvement in discussing alternative methods of bypassing the election process with Donald Trump on November 10th, a week after the election, at the Oval Office. [47][48] Subsequently, The RSnake Show was referenced as background material within the Jan 6th Commission Report, corroborating the evidence that Morgan Warstler was indeed in charge of the Twitter account used to admit to his visiting the White House and that states can choose their electors, overriding the popular vote. [49]

     

    • James Flom/Shannon Norton murder-suicide
      On April 27, 2023, James Flom and Shannon Norton were found dead in her home, by apparent murder-suicide where James shot and killed Shannon and then himself. James was RSnake's long-time best friend and former business partner. The controversy around this was the depiction as a domestic dispute by the press and Twitter commentators [50], but RSnake has come out against this characterization, as the cause was far more likely undetected chronic traumatic encephalopathy (CTE) due to repeated brain traumas and a decline causing subsequent violent hallucinations.

    • Fogie, Seth; Grossman, Jeremiah; Hansen, Robert; Rager, Anton; Petkov, Petko (2007). XSS Attacks: Cross Site Scripting Exploits and Defense (1 ed.). Rockland, MA: Syngress. ISBN 978-1597491549.

    • Hansen, Robert (2009). Detecting Malice (1 ed.). Austin, TX: Self-publishing. ISBN 978-0-557-18733-1.

    • Grossman, Jeremiah; Hansen, Robert; Manico, Jim; Tittel, Ed (2014). Website Security for Dummies (1 ed.). Hoboken, New Jersey: John Wiley & Sons, Inc. ISBN 979-1-118-80138-3.

    • Hansen, Robert (2024). AI's Best Friend. Austin, TX: RSnake, LLC. ISBN 979-8-8-804-1527-4.
