2021

• posts Nov 4 Automating DOM XSS Discovery
• posts Aug 16 Mitigation schmitigation: Control HttpOnly cookies through XSS
• posts Aug 10 Fuzz the Unfuzzable
• posts Feb 7 Cheatsheet: XSS that works in 2021
• posts Jan 31 Escape Static Website Dependency Hell with Hugo
• posts Jan 16 Breaking Python 3 eval protections

2020

• posts Feb 6 100% evasion - Write a crypter in any language to bypass AV
• posts Feb 1 Actual XSS in 2020
• posts Jan 11 Tradecraft - This is why your tools and exploits get detected by EDR
• posts Jan 9 Minitip - Stored XSS through SVG