Research Articles

Document My Pentest: you hack, the AI writes it up!

SAML roulette: the hacker always wins

Shadow Repeater

Bypassing character blocklists with unicode overflows

Stealing HttpOnly cookies with the cookie sandwich technique

Bypassing WAFs with the phantom $Version cookie

New crazy payloads in the URL Validation Bypass Cheat Sheet

Concealing payloads in URL credentials

Introducing the URL validation bypass cheat sheet

Gotta cache 'em all: bending the rules of web cache exploitation

Splitting the email atom: exploiting parsers to bypass access controls

Listen to the whispers: web timing attacks that actually work

Fickle PDFs: exploiting browser rendering discrepancies

Previewing three publications coming to DEF CON & Black Hat USA

New exotic events in the XSS cheat sheet

Refining your HTTP perspective, with bambdas

Introducing SignSaboteur: forge signed web tokens with ease

Making desync attacks easy with TRACE

Using form hijacking to bypass CSP

Hiding payloads in Java source code strings

Finding that one weird endpoint, with Bambdas

Blind CSS Exfiltration: exfiltrate unknown web pages

The single-packet attack: making remote race-conditions 'local'

How to build custom scanners for web security research automation

Smashing the state machine

Exploiting XSS in hidden inputs and meta tags

How I choose a security research topic

Bypassing CSP via DOM clobbering

Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO

The curl quirk that exposed Burp Suite & Google Chrome

Exploiting prototype pollution in Node without the filesystem

Server-side prototype pollution: Black-box detection without the DoS

Hijacking service workers via DOM Clobbering

Stealing passwords from infosec Mastodon - without bypassing CSP