Detecting the use of "curl | bash" server side


Exploiting CSRF against search with Lucene


Detecting low entropy tokens with massive bloom filters in Burp


MySQL with SSL does not always protect against active MITM


HTTP Parameter Pollution with cookies in PHP


Raspberry Pi and Tor for slightly easier OPSEC


Data exfiltration through the VMware hypervisor


Encoding Web Shells in PNG IDAT chunks


Taking screenshots using XSS and the HTML5 Canvas


Exploit: Symfony2 - local file disclosure vulnerability


Extending Burp Suite to solve reCAPTCHA


Decrypting suhosin sessions and cookies.


JavaScript and Daylight Savings for tracking users.


Google TOTP Two-factor Authentication for PHP


Exploit: PHPCaptcha / Securimage is not secure.


JavaScript keylogger in jQuery.


Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox


PHP Remote File Inclusion command shell using data://


Hardening and securing PHP on Linux


Using php://filter for local file inclusion


Scanning the internal network using SimpleXML


MongoDB Null Byte Injection attacks


MongoDB is vulnerable to SQL injection in PHP at least