[19-04-2016]

Detecting the use of "curl | bash" server side

[13-09-2015]

Exploiting CSRF against search with Lucene

[19-05-2015]

Detecting low entropy tokens with massive bloom filters in Burp

[27-03-2015]

MySQL with SSL does not always protect against active MITM

[11-06-2013]

HTTP Parameter Pollution with cookies in PHP

[09-01-2013]

Raspberry Pi and Tor for slightly easier OPSEC

[11-08-2012]

Data exfiltration through the VMware hypervisor

[04-06-2012]

Encoding Web Shells in PNG IDAT chunks

[16-04-2012]

Taking screenshots using XSS and the HTML5 Canvas

[25-02-2012]

Exploit: Symfony2 - local file disclosure vulnerability

[19-01-2012]

Extending Burp Suite to solve reCAPTCHA

[30-11-2011]

Decrypting suhosin sessions and cookies.

[02-10-2011]

JavaScript and Daylight Savings for tracking users.

[25-07-2011]

Google TOTP Two-factor Authentication for PHP

[25-05-2011]

Exploit: PHPCaptcha / Securimage is not secure.

[21-05-2011]

JavaScript keylogger in jQuery.

[01-05-2011]

Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox

[24-03-2011]

PHP Remote File Inclusion command shell using data://

[28-02-2011]

Hardening and securing PHP on Linux

[23-02-2011]

Using php://filter for local file inclusion

[14-02-2011]

Scanning the internal network using SimpleXML

[12-02-2011]

MongoDB Null Byte Injection attacks

[01-07-2010]

MongoDB is vulnerable to SQL injection in PHP at least