2026

• 13 Apr A Weird UNC Path That can Crash Node.js
• 28 Mar Fuzzing Microvium Embedded JavaScript Engine

2025

• 27 May JavaScript Malware Code review of a Fake Job Email
• 13 May Promptleak and Jailbreak in LLM and XSS in SQL to AI Application
• 07 Apr Reading RFCs for Security Research
• 24 Mar ExpressCart Prototype Pollution to Denial Of Service
• 09 Mar Sec Blue Team Level 1 Exam Prep Notes

2024

• 29 Aug Chef Yaml Deserialization Vulnerability

2023

• 19 Dec Common SAML vulnerabilities and how to remediate them
• 04 Jul Cocoapods Yaml Insecure Deserialization Security Disclosure
• 30 Jun Swift Deserialization Security primer
• 06 Jun LakeraAI Gandalf LLM CTF Solutions
• 01 Jan SonarSource Advent Security Calendar 2022 Notes

2022

• 12 Sep Avoiding SMTP Injection: A Whitebox primer
• 12 Apr Improving GraphQL security with static analysis
• 08 Mar rs-async-zip Zip Path Traversal (Zip Slip)
• 01 Jan SonarSource CodeAdvent Security Calendar 2021 Notes

2021

• 08 Dec Joern Cheat Sheet
• 15 May Exploit Education - Phoenix Notes
• 09 May SuiteCRM - Phar Deserialization to Code Execution
• 03 May Fuzzing with Go-Fuzz
• 14 Apr ADempiere Unsafe Deserialization to Code Execution
• 16 Jan OpenCATS PHP Object Injection to Arbitrary File Write
• 08 Jan PHP Object Injection Exploitation Notes

2020

• 28 Dec Code Security Advent Calendar 2020 Answers
• 02 Sep Writing AngularJS Security Semantic Rules using Semgrep
• 30 Jun Demystifying HTTP request smuggling
• 03 Apr Webhacking.kr Solutions
• 01 Mar Patching Zip Traversal within pclzip
• 08 Feb DomGoat Walkthrough
• 07 Jan RipsTech Java Security Calendar 2019 Notes

2019

• 17 Sep Exploit Education - Nebula Walkthrough
• 10 Aug Customize the Favicon
• 02 Aug Common XSS payloads I use
• 08 Jun Facebook CTF 2019: Products Manager Writeup
• 08 Jun Facebook CTF 2019 : pdfme Writeup
• 21 Jan Pentestit TestLab V12 Walkthrough

2018

• 28 Dec HackTheBox : Active Walkthrough
• 20 Sep Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting
• 21 Aug Top 10 OSINT Tools/Sources for Security Folks
• 28 Jul phppgadmin CSRF to Code Execution
• 26 Apr The target="_blank" Vulnerability
• 23 Mar RipsTech PHP Security Calendar 2017 Notes
• 21 Mar Introduction to Socat

2017

• 21 Sep Ganglia Reflected XSS

2016

• 07 Aug Finding SQL Injection vulnerabilities using polyglot payloads
• 07 Aug Exploiting Local File Inclusion using PHP Wrappers

2015

• 23 Oct 6 things I didn't know Drozer could do
• 25 Aug ZAP Scripting