2024
2023
- 20 Dec Common SAML vulnerabilities and how to remediate them
- 01 Jul Swift Deserialization Security primer
2022
- 13 Sep Avoiding SMTP Injection: A Whitebox primer
- 13 Apr Improving GraphQL security with static analysis
- 09 Mar rs-async-zip Zip Path Traversal (Zip Slip)
2021
- 09 Dec Joern Cheat Sheet
- 15 May Exploit Education - Phoenix Notes
- 10 May SuiteCRM - Phar Deserialization to Code Execution
- 04 May Fuzzing with Go-Fuzz
- 15 Apr ADempiere Unsafe Deserialization to Code Execution
- 17 Jan OpenCATS PHP Object Injection to Arbitrary File Write
- 09 Jan PHP Object Injection Exploitation Notes
2020
- 29 Dec Code Security Advent Calendar 2020 Answers
- 03 Sep Writing AngularJS Security Semantic Rules using Semgrep
- 01 Jul Demystifying HTTP request smuggling
- 04 Apr Webhacking.kr Solutions
- 02 Mar Patching Zip Traversal within pclzip
- 09 Feb DomGoat Walkthrough
2019
- 18 Sep Exploit Education - Nebula Walkthrough
- 03 Aug Common XSS payloads I use
- 09 Jun Facebook CTF 2019: Products Manager Writeup
- 09 Jun Facebook CTF 2019 : pdfme Writeup
- 22 Jan Pentestit TestLab V12 Walkthrough
2018
- 29 Dec HackTheBox : Active Walkthrough
- 21 Sep Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting
- 21 Aug Top 10 OSINT Tools/Sources for Security Folks
- 29 Jul phppgadmin CSRF to Code Execution
- 27 Apr The target="_blank" Vulnerability
- 22 Mar Introduction to Socat
2015
- 24 Oct 6 things I didn't know Drozer could do
- 25 Aug ZAP Scripting