Automating DOM XSS Discovery
· ☕ 9 min read
How to automate DOM XSS discovery using semgrep and a single Python script.

Fuzz the Unfuzzable
· ☕ 7 min read
4 useful ways to fuzz stuff that many people would consider 'unfuzzable'.

Breaking Python 3 eval protections
· ☕ 7 min read
How Python 3's eval works and how to abuse it from an attacker perspective to evade its protections.

Actual XSS in 2020
· ☕ 6 min read
XSS Cheatsheet for 2020.