How I exploited ACME TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain using shared hosting
Kicking the Rims - A Guide for Securely Writing and Auditing Chrome Extensions | The Hacker Blog
EdOverflow | An analysis of logic flaws in web-of-trust services.
OWASP AppSecEU 2018 -- Attacking "Modern" Web Technologies
PowerPoint Presentation - OWASP_AppSec_EU18_WordPress.pdf
Scratching the surface of host headers in Safari
RCE by uploading a web.config -- 003Random's Blog
Security: HTTP Smuggling, Apsis Pound load balancer | RBleug
Piercing the Veil: Server Side Request Forgery to NIPRNet access
inputzero: A bug that affects million users - Kaspersky VPN | Dhiraj Mishra
inputzero: Telegram anonymity fails in desktop - CVE-2018-17780 | Dhiraj Mishra
inputzero: An untold story of skype by microsoft | Dhiraj Mishra
Neatly bypassing CSP -- Wallarm
Large-Scale Analysis of Style Injection by Relative Path Overwrite - www2018rpo_paper.pdf
Beyond XSS: Edge Side Include Injection :: GoSecure
GitHub - HoLyVieR/prototype-pollution-nsec18: Content released at NorthSec 2018 for my talk on prototype pollution
Logically Bypassing Browser Security Boundaries - Speaker Deck
Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out
Web Cache Deception Attack - YouTube
Duo Finds SAML Vulnerabilities Affecting Multiple Implementations | Duo Security
#307670 Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user
lanmaster53.com
Beyond XSS: Edge Side Include Injection :: GoSecure
Scratching the surface of host headers in Safari
#309531 Stored XSS in Snapmatic + R★Editor comments
InsertScript: Adobe Reader PDF - Client Side Request Injection
$36k Google App Engine RCE - Ezequiel Pereira
MKSB(en): CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
#341876 SSRF in Exchange leads to ROOT access in all instances
reCAPTCHA bypass via HTTP Parameter Pollution -- Andres Riancho
Data Exfiltration via Formula Injection #Part1
Read&Write Chrome Extension Same Origin Policy (SOP) Bypass Vulnerability | The Hacker Blog
Firefox uXSS and CSS XSS - Abdulrahman Al-Qabandi
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bypassing Web-Application Firewalls by abusing SSL/TLS | 0x09AL Security blog
Evading CSP with DOM-based dangling markup | Blog
Save Your Cloud: DoS on VMs in OpenNebula 4.6.1
CRLF Injection Into PHP's cURL Options -- TomNomNom -- Medium
Practical Web Cache Poisoning | Blog
#317476 Account Takeover in Periscope TV
A timing attack with CSS selectors and Javascript
VPN Extensions are not for privacy
Exposing Intranets with reliable Browser-based Port scanning | Blog
Exploiting XXE with local DTD files
A story of the passive aggressive sysadmin of AEM - Speaker Deck
Hunting for security bugs in AEM webapps - Speaker Deck
ASP.NET resource files (.RESX) and deserialisation issues
Story of my two (but actually three) RCEs in SharePoint in 2018 | Soroush Dalili (@irsdl) -- سروش دلیلی
Beware of Deserialisation in .NET Methods and Classes + Code Execution via Paste!
cat ~/footstep.ninja/blog.txt
Blog - RCE due to ShowExceptions
MB blog: Vulnerability in Hangouts Chat: from open redirect to code execution
Blog on Gopherus Tool
DNS Rebinding Headless Browsers