$ ls /blog

Research

• 25 Feb 2021 »An Exploration of JSON Interoperability Vulnerabilities
• 08 Dec 2020 »RMIScout Update (RMI-IIOP, SSL, Invoke mode) and Lessons Learned Brute-forcing RMI-IIOP
• 08 Sep 2020 »h2c Smuggling: Request Smuggling via HTTP/2 Cleartext (h2c)
• 12 Jun 2020 »OOB to RCE: Exploitation of the Hobbes Functional Interpreter
• 26 May 2020 »RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
• 27 Apr 2020 »PHPGGC: Added Monolog RCE3 gadget
• 11 Mar 2020 »Twisted 19.10.0: Multiple HTTP Request Splitting
• 18 Feb 2020 »GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath
• 18 Jul 2019 »[GitGot] Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools
• 11 Jun 2018 »Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Miscellaneous

• 09 Feb 2022 »PortSwigger - Top 10 Web Hacking Techniques of 2021 (#7)
• 24 Feb 2021 »PortSwigger - Top 10 Web Hacking Techniques of 2020 (#1)
• 02 Apr 2020 »Daily Swig - Twisted programming framework stung by brace of request smuggling vulnerabilities
• 02 Mar 2020 »Daily Swig - GadgetProbe: New tool simplifies the exploitation of Java deserialization vulnerabilities
• 06 Jun 2019 »[Presentation] RedSec ATL - Abuse of Authority: The Confused Deputies of the Cloud
• 27 Feb 2019 »PortSwigger - Top 10 Web Hacking Techniques of 2018 (Mention in #9)
• 30 Dec 2018 »Intigriti - Ten Best Writeups of 2018 (#4)
• 18 Jun 2018 »Daily Swig - Formula Injection Heads Server-Side
• 12 Jun 2018 »[Presentation] Empire Hacking NYC - Server-side Spreadsheet Injections: Leveraging Formulas for High-Impact Attacks