Common OAuth Vulnerabilities (plus Security Cheat Sheet)
Top 10 web hacking techniques of 2024: nominations open
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal (CSPT, CSPT2CSRF)
SMB3 Kernel Server (ksmbd) fuzzing and vulns
Unsafe Archive Unpacking: Labs and Semgrep Rules
A step-by-step intro to Client Side Path-Traversal with Eval Villain
Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges
Applying security engineering to make phishing harder
Windows Installer Custom Actions Privilege Escalation Vulnerability
A Race to the Bottom - Database Transactions Undermining Your AppSec
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery (CSPT2CSRF)
Threat modeling an IdP compromise, and hardening (Teleport specific). Full tech paper.
A Look at Software Composition Analysis. It’s time to ignore most of dependency alerts.
New Visual Studio Code plugin for IaC security (plus collaboration, semgrep integration)
Kubernetes Scheduling And Secure Design
Session Hijacking Visual Exploitation, New release with Office Documents Poisoning
A Primer on Client-side JavaScript Instrumentation
Session Hijacking Visual Exploitation (SHVE). New tool for XSS Exploitation
Huawei Theme Manager Arbitrary Code Execution Vulnerability
Streamlining Websocket Pentesting with wsrepl
Messing Around With AWS Batch For Privilege Escalations
Reversing Python Pickles
The Case For Improving Crypto Wallet Security
NPM request Library SSRF Cross Protocol Redirect Bypass
Dirty Arbitrary File Write to RCE in Python uWSGI