/dns-and-icmp-tunneling/ 2013-03-11T19:39:44-07:00 /familiarity-with-gui-and-tricky-hacking/ 2013-03-25T13:45:26-07:00 /already-hacked-hacking/ 2013-03-28T15:04:50-07:00 /the-story-of-bob-and-mike-or-how-you-got-hacked-by-sub-domain-brute-forcing/ 2013-04-18T13:37:20-07:00 /captcha-solving-botnet-how-hackers-can-use-their-victims-for-more-than-just-computing-power/ 2013-05-22T14:20:07-07:00 /hacking-xampp-web-servers-via-local-file-inclusion-lfi/ 2013-06-02T21:31:35-07:00 /csaw-2013-widgetcorp-writeup-with-bonus-coolness/ 2013-09-22T16:23:08-07:00 /csaw-lulz-writeup-funny-observations-and-serious-problems/ 2013-09-22T20:42:31-07:00 /sharif-university-ctf-quals-web-200-writeup/ 2013-10-04T12:53:07-07:00 /unsubpwning-how-to-get-any-user-to-click-your-email-link-pwn-them/ 2013-10-06T13:51:59-07:00 /reversing-snapchat-pressure-cooker-hidden-code/ 2013-10-15T13:37:14-07:00 /sneaky-methods-for-capturing-the-geolocation-flags-for-hack-lu-ctf/ 2013-10-23T23:00:15-07:00 /pay-tv-writeup-hack-lu-ctf-2013/ 2013-10-23T23:00:19-07:00 /robots-exclusion-committee-writeup-hack-lu-2013-ctf/ 2013-10-23T23:00:46-07:00 /exploiting-sqli-edge-cases-with-ease-a-method/ 2013-10-24T09:07:14-07:00 /how-i-got-5000-github-followers-in-less-than-24-hours/ 2013-10-30T15:44:07-07:00 /xssless-automatic-xss-payload-generator/ 2013-12-18T22:43:00-08:00 /hacking-script-kiddies-r57-gen-tr-shells-are-backdoored-in-a-way-you-probably-wouldnt-guess/ 2013-12-23T21:46:33-08:00 /such-ctf-very-wow-30c3-doge1-writeup/ 2013-12-29T14:28:37-08:00 /xssless-update-self-propagation-why-javascript-worms-can-be-very-scary/ 2014-01-08T00:20:43-08:00 /hack-you-2014-ctf-writeup-winning-phpwning-web400-the-wrong-way/ 2014-01-15T19:50:57-08:00 /samsung-com-account-takeover-vulnerability-write-up/ 2014-01-24T06:27:04-08:00 /amazon-ec2-gpu-hvm-spot-instance-cracking-setup-tutorial/ 2014-01-24T08:19:50-08:00 /linksys-wrt56g-backdoor-payload/ 2014-02-20T17:02:07-08:00 /cryptorbit-decryptor-randsomware-website-php-source-code-leak/ 2014-03-19T19:43:55-07:00 /a-look-into-creating-a-truley-invisible-php-shell/ 2014-04-01T12:59:40-07:00 /more-advanced-xss-denial-of-service-attacks/ 2014-04-05T14:41:26-07:00 /crossdomain-xml-proof-of-concept-tool/ 2014-04-14T19:19:10-07:00 /ebay-mobile-reflected-xss-disclosure-writeup/ 2014-06-05T22:52:04-07:00 /auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/ 2014-06-13T05:19:54-07:00 /every-c99-php-shell-is-backdoored-aka-free-shells/ 2014-06-23T00:04:38-07:00 /dirty-browser-enumeration-tricks-using-chrome-and-about-to-detect-firefox-plugins/ 2014-09-04T11:29:12-07:00 /vulnerable-by-design-the-backdoor-that-came-through-the-front-video/ 2014-11-21T12:59:41-08:00 /mining-dns-data-using-cloudflare/ 2014-12-22T00:24:52-08:00 /wmap-a-chrome-extension-for-taking-screenshots-of-web-services/ 2014-12-27T19:40:18-08:00 /dataurization-of-urls-for-a-more-effective-phishing-campaign/ 2015-01-19T19:09:49-08:00 /airdroid-app-full-phone-takeover-vulnerability-fixed/ 2015-04-15T09:43:40-07:00 /the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/ 2015-06-19T17:28:15-07:00 /stealing-lastpass-passwords-with-clickjacking/ 2015-07-01T00:52:39-07:00 /sonar-a-framework-for-scanning-and-exploiting-internal-hosts-with-a-webpage/ 2015-08-23T13:02:23-07:00 /blackhat-talk-bypass-surgery-abusing-content-delivery-networks-with-server-side-request-forgery-ssrf-flash-and-dns/ 2015-09-11T09:20:46-07:00 /building-an-rdio-flash-cross-domain-exploit-with-flashhttprequest-crossdomain-xml-security/ 2015-09-22T21:05:21-07:00 /cross-post-fishing-the-aws-ip-pool-for-dangling-domains/ 2015-10-08T08:54:20-07:00 /the-unhackable-wordpress-blog-finding-security-in-the-static/ 2015-10-13T23:27:12-07:00 /xss-hunter-a-modern-approach-to-testing-for-cross-site-scripting-xss/ 2016-03-21T18:27:12-07:00 /poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/ 2016-05-08T15:27:38-07:00 /xss-hunter-is-now-open-source-heres-how-to-set-it-up/ 2016-05-29T23:19:35-07:00 /the-international-incident-gaining-control-of-a-int-domain-name-with-dns-trickery/ 2016-07-09T18:46:39-07:00 /keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/ 2016-07-25T09:35:05-07:00 /floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/ 2016-08-25T21:04:42-07:00 /breaching-a-ca-blind-cross-site-scripting-bxss-in-the-geotrust-ssl-operations-panel-using-xss-hunter/ 2016-08-31T09:42:03-07:00 /the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/ 2016-12-05T08:30:18-08:00 /respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/ 2017-01-12T01:26:00-08:00 /hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/ 2017-01-30T23:54:10-08:00 /the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/ 2017-06-04T03:59:13-07:00 /the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/ 2017-07-10T08:21:08-07:00 /i-too-like-to-live-dangerously-accidentally-finding-rce-in-signal-desktop-via-html-injection-in-quoted-replies/ 2018-05-16T06:33:23-07:00 /zenmate-vpn-browser-extension-deanonymization-hijacking-vulnerability-3-5-million-affected-users/ 2018-05-29T08:31:57-07:00 /reading-your-emails-with-a-readwrite-chrome-extension-same-origin-policy-bypass-8-million-users-affected/ 2018-06-04T23:59:47-07:00 /steam-fire-and-paste-a-story-of-uxss-via-dom-xss-clickjacking-in-steam-inventory-helper/ 2018-06-07T19:24:01-07:00 /kicking-the-rims-a-guide-for-securely-writing-and-auditing-chrome-extensions/ 2018-06-12T23:48:25-07:00 /video-download-uxss-exploit-detailed/ 2019-02-22T18:39:44-08:00 /zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/ 2022-02-11T00:00:00-08:00 /about/ /categories/ / /posts/ /search/ /tags/ /page2/ /page3/ /page4/ /page5/ /page6/ /page7/ /page8/ /page9/ /page10/ /page11/ /page12/ /page13/ /addon_scanner/addon_data.html 2020-09-07T11:55:30-07:00 /addon_scanner/images/Id%C3%85%C2%91j%C3%83%C2%A1r%C3%83%C2%A1s.html 2020-09-07T11:55:32-07:00 /addon_scanner/images/SlyteeS%C3%83%C2%A9curit%C3%83%C2%A9R%C3%83%C2%A9putation.html 2020-09-07T11:55:35-07:00 /addon_scanner/images/%C3%90%C2%98%C3%903%C3%91%C2%80%C3%91%C2%8BMailRu.html 2020-09-07T11:55:37-07:00 /addon_scanner/images/%C3%A5%C2%88%C2%86%C3%A4o%C2%AB%C3%A5%C2%88%C2%B0%C3%A8%C2%B1%C2%86%C3%A7%C2%93%C2%A3%C3%A4%20%CC%A7%C2%9C%C3%A8%C2%A5%C2%BF.html 2020-09-07T11:55:37-07:00 /addon_scanner/images/%C3%A5%C2%A6%C2%82%C3%A6%C2%84%C2%8F%C3%A6%C2%B7%C2%98%C3%A5%C2%90%C2%8C%C3%A6%C2%AC3%E2%81%844%C3%A6%20%CC%84%C2%94%C3%A4%C2%BB%C2%B7%C3%A4%C2%BB%C2%B7%C3%A6%201%E2%81%844%C3%A6%C2%9B2%C3%A7o%C2%BF%C3%A9%C2%99%C2%8D%C3%A4%C2%BB%C2%B7%C3%A6%C2%8F%C2%90%C3%A9%C2%86%C2%92.html 2020-09-07T11:55:37-07:00 /addon_scanner/images/%C3%A6%C2%83%20%C3%A41%C2%B0%C3%A8%20%CC%81%C2%AD%C3%A7%C2%89%C2%A9%C3%A5%C2%8A%C2%A9%C3%A6%C2%89%C2%8B%C3%A71%E2%81%842%C2%91%C3%A8%20%CC%81%C2%AD%C3%A6%20%CC%84%C2%94%C3%A4%C2%BB%C2%B7%C3%A5%C2%88%C2%A9%C3%A5%C2%99%20%CC%88.html 2020-09-07T11:55:37-07:00 /addon_scanner/ 2020-09-07T11:55:37-07:00 /crossdomain/ 2020-09-07T11:55:37-07:00 /dataurize/chrome/ 2020-09-07T11:55:37-07:00 /dataurize/chrome/test.htm 2020-09-07T11:55:37-07:00 /dataurize/chrome/wow/ 2020-09-07T11:55:38-07:00 /dataurize/firefox/bam.htm 2020-09-07T11:55:38-07:00 /dataurize/firefox/bam.html 2020-09-07T11:55:38-07:00 /dataurize/firefox/ 2020-09-07T11:55:38-07:00 /dataurize/firefox/test.htm 2020-09-07T11:55:38-07:00 /dataurize/firefox/wow/ 2020-09-07T11:55:38-07:00 /downloads/example_report/fonts/ODelI1aHBYDBqgeIAH2zlNzbP97U9sKh0jjxbPbfOKg.html 2020-09-07T11:55:38-07:00 /downloads/example_report/fonts/glyphicons-halflings-regular-2.html 2020-09-07T11:55:38-07:00 /downloads/example_report/fonts/glyphicons-halflings-regular.html 2020-09-07T11:55:38-07:00 /downloads/example_report/fonts/toadOcfmlt9b38dHJxOBGLsbIrGiHa6JIepkyt5c0A0.html 2020-09-07T11:55:39-07:00 /downloads/example_report/fonts/toadOcfmlt9b38dHJxOBGMw1o1eFRj7wYC6JbISqOjY.html 2020-09-07T11:55:39-07:00 /downloads/example_report/ 2020-09-07T11:55:39-07:00 /galvanizer/ 2020-09-12T12:54:27-07:00 /lastpass/ 2020-09-07T11:55:39-07:00 /rdio/GET.html 2020-09-07T11:55:40-07:00 /rdio/fonts/glyphicons-halflings-regular-2.html 2020-09-07T11:55:40-07:00 /rdio/fonts/glyphicons-halflings-regular.html 2020-09-07T11:55:40-07:00 /rdio/ 2020-09-07T11:55:40-07:00 /tarnish/ 2020-09-07T11:55:42-07:00 /wp-content/uploads/2015/09/Black_Hat_USA_2015-Bypass_Surgery-6Aug2015.pdf 2020-09-07T11:56:18-07:00