Automating DOM XSS Discovery 📅 Nov 4, 2021 · ☕ 9 min read How to automate DOM XSS discovery using semgrep and a single Python script.
Mitigation schmitigation: Control HttpOnly cookies through XSS 📅 Aug 16, 2021 · ☕ 4 min read How HttpOnly can be beaten with XSS
Fuzz the Unfuzzable 📅 Aug 10, 2021 · ☕ 7 min read 4 useful ways to fuzz stuff that many people would consider 'unfuzzable'.
Cheatsheet: XSS that works in 2021 📅 Feb 7, 2021 · ☕ 5 min read XSS Cheatsheet for 2021 and onwards.
Escape Static Website Dependency Hell with Hugo 📅 Jan 31, 2021 · ☕ 8 min read Static website dependency hell and how Hugo can help you escape from it.
Breaking Python 3 eval protections 📅 Jan 16, 2021 · ☕ 7 min read How Python 3's eval works and how to abuse it from an attacker's perspective to evade its protections.
100% evasion - Write a crypter in any language to bypass AV 📅 Feb 6, 2020 · ☕ 13 min read Design & Implementation of a crypter in any language, using Xencrypt (PowerShell) as an underlying example.
Tradecraft - This is why your tools and exploits get detected by EDR 📅 Jan 11, 2020 · ☕ 5 min read Common reasons why payloads get picked up by EDRs.
Minitip - Stored XSS through SVG 📅 Jan 9, 2020 · ☕ 1 min read How to find persistent XSS through SVG files.