How to automate DOM XSS discovery using semgrep and a single Python script.
How HttpOnly can be beaten with XSS.
4 useful ways to fuzz stuff that many people would consider 'unfuzzable'.
XSS Cheatsheet for 2021 and onwards.
Static website dependency hell and how Hugo can help you escape from it.
How Python 3's eval works and how to abuse it from an attacker's perspective to evade its protections.
Design & Implementation of a crypter in any language, using Xencrypt (PowerShell) as an underlying example.
XSS Cheatsheet for 2020.
Common reasons why payloads get picked up by EDRs.
How to find persistent XSS through SVG files.