• 29.08.2024 leveraging Lua to sniff memcached proxies
• 12.05.2021 the fanciful allure and utility of syscalls
• 10.03.2021 On Exploiting CVE-2021-1648 (splwow64 LPE)
• 08.08.2020 Digging the Adobe Sandbox - IPC Internals
• 22.08.2019 Exploiting Leaked Process and Thread Handles
• 12.08.2019 Code Execution via Fiber Local Storage
• 22.08.2018 Dell Digital Delivery - CVE-2018-11072 - Local Privilege Escalation
• 01.05.2018 Dell SupportAssist Driver - Local Privilege Escalation
• 17.09.2017 Abusing delay load DLLs for remote code injection
• 01.09.2017 Abusing Token Privileges for EoP
• 06.01.2015 ntpdc local buffer overflow
• 27.08.2014 railo security - part four - pre-auth remote code execution
• 23.08.2014 railo security - part three - pre-authentication LFI
• 24.07.2014 railo security - part two - post-authentication rce
• 29.06.2014 gitlist - commit to rce
• 25.06.2014 railo security - part one - intro
• 13.05.2014 rce in browser exploitation framework (BeEF)
• 02.04.2014 LFI to shell in Coldfusion 6-10
• 26.03.2014 IBM Tealeaf CX (v8 Release 8) Remote OS Command Injection / LFI
• 10.03.2014 meterpreter shell upgrades using powershell
• 02.03.2014 introduction
• 24.02.2014 ganib project management 2.3 SQLi
• 26.01.2014 Fetching JBoss MBean method hashes
• 14.10.2013 Dolibarr 3.4.0 - Multiple Vulnerabilities
• 28.07.2013 OpenEMM-2013 SOAP SQLi/Stored XSS
• 10.07.2013 solving RA1NXing Bots
• 02.07.2013 introducing zarp
• 21.06.2013 Collabtive 1.0 - SQLi
• 05.06.2013 Asus RT56U Remote Command Injection
• 02.06.2013 PHD Help Desk 2.12 - SQLi/XSS
• 20.05.2013 Kimai v0.9.2 - SQLi
• 20.04.2013 Motorola Surfboard - Multiple Vulnerabilities
• 02.04.2013 solving brainpan
• 30.03.2013 Protostar solutions - Stack Levels
• 30.03.2013 Nebula Solutions - All Levels
• 30.12.2012 lshell 0.9.15 pathing vulnerability
• 18.11.2012 Solving Hackademic-RTB2
• 13.11.2012 Solving Hackademic-RTB1
• 03.10.2012 FastSpy 2.1.1 Buffer Overflow
• 09.08.2012 solving pwn0s v2
• 07.06.2012 solving pwn0s