2022

• "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains

2019

• Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected)

2018

• Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions
• Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
• Reading Your Emails With A Read&Write Chrome Extension Same Origin Policy Bypass (~8 Million Users Affected)
• ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability (3.5 Million Affected Users)
• “I too like to live dangerously”, Accidentally Finding RCE in Signal Desktop via HTML Injection in Quoted Replies

2017

• The .io Error – Taking Control of All .io Domains With a Targeted Registration
• The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions
• Hacking Guatemala’s DNS – Spying on Active Directory Users By Exploiting a TLD Misconfiguration
• Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target

2016

• The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean
• Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter
• Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System
• Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection
• The International Incident – Gaining Control of a .int Domain Name With DNS Trickery
• XSS Hunter is Now Open Source – Here’s How to Set It Up!
• Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS
• XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)

2015

• The “Unhackable” WordPress Blog – Finding Security In the Static
• [Cross-Post] Fishing the AWS IP Pool for Dangling Domains
• Building An Rdio Flash Cross-domain Exploit with FlashHTTPRequest (crossdomain.xml Security)
• [Blackhat Talk] Bypass Surgery Abusing Content Delivery Networks With Server-Side Request Forgery (SSRF), Flash, and DNS
• sonar.js – A Framework for Scanning and Exploiting Internal Hosts With a Webpage
• Stealing Lastpass Passwords With Clickjacking
• The NoScript Misnomer – Why should I trust vjs.zendcdn.net?
• AirDroid App Full Phone Takeover Vulnerability Fixed
• Dataurization of URLs for A More Effective Phishing Campaign

2014

• wmap – A Chrome Extension for Taking Screenshots of Web Services In Bulk
• Mining DNS Data Using The Cloud™ (via Cloudflare)
• Vulnerable By Design – The Backdoor That Came Through the Front [Video]
• Dirty Browser Enumeration Tricks – Using chrome:// and about: to Detect Firefox & Addons
• Every C99 / C99.php Shell Is Backdoored (A.K.A. Free Shells for Everyone!)
• Auditing WP-DB-Backup WordPress Plugin & Why Using the Database Password for Entropy is a Bad Idea
• eBay Mobile Reflected XSS Disclosure Writeup
• Crossdomain.xml Hacking – Proof of Concept Tool
• More Advanced XSS Denial of Service Attacks?
• A Look Into Creating A Truley Invisible PHP Shell
• Cryptorbit Decryptor Ransomware Website PHP Source Code Leak
• A More Universal Router Payload – Backdooring the Linksys WRT54G Firmware
• Amazon EC2 GPU HVM Spot Instance Password Cracking – Hashcat Setup Tutorial
• Samsung.com Account Takeover Vulnerability Write-up
• hack you 2014 CTF Writeup – Winning PHPwning Web400 the Wrong Way
• xssless Update – Self Propagation & Why JavaScript Worms Can Be Very Scary

2013

• Such CTF Very Wow – 30C3 Doge1 Writeup
• Hacking Script Kiddies, r57.gen.tr Shells Are Backdoored in a Way You Might Not Guess
• xssless – Automatic XSS Payload Generator
• How I Got 5,000 GitHub Followers In Less Than 24 Hours
• Exploiting SQL Injection Edge Cases With Ease – A Method
• Robots Exclusion Committee Writeup – Hack.lu 2013 CTF
• Pay TV Writeup – Hack.lu CTF 2013
• Sneaky methods for capturing the “Geolocation Flag(s)” for Hack.lu CTF
• Reversing Snapchat – Pressure Cooker Hidden Code?
• UnsubPwning – How to Get Any User to Click Your Email Link & Pwn Them
• Sharif University CTF Quals – Web 200 Writeup
• CSAW Lulz Writeup – Funny observations and serious problems
• CSAW 2013 WidgetCorp Writeup, with bonus coolness
• Hacking XAMPP Web Servers Via Local File Inclusion (LFI)
• CAPTCHA Solving Botnet, How Hackers Can Use Their Victims for More Than Just Computing Power
• The Story of Bob and Mike, or How You Might Get Hacked By Sub Domain Brute Forcing!
• Already Hacked Hacking
• Familiarity with GUI and Stealthy Malware Delivery
• DNS (and ICMP) Tunneling or How to Get Free Wifi at the Airport/Cafe