- application security 21
- automation 3
- consulting 1
- cracking 2
- development 3
- Flask 3
- hacking 10
- leadership 2
- miscellaneous 2
- network security 11
- projects 7
- Recon-ng 4
- tools 7
- training 2
application security
- Dynamic Discovery of Mass Assignment Vulnerabilities
- A Decade of Training
- XSS Active Defense
- SQLi Exploiter: Exploiting Complex SQL Injections
- Report Spam. Get Owned.
- Handling Missed Vulnerabilities
- Proxying thru Virtual Client VPNs
- Fun with XSShell
- Exploring SSTI in Flask/Jinja2 - Part 2
- Exploring SSTI in Flask/Jinja2
- Validating Redirects with Hyperlinks
- Regex: Regularly Exploitable
- Method Interchange: The Forgotten Vulnerability
- Session Fixation Demystified
- Cross-Site Trust Exploitation (XSTE)
- DOM-based Cross-Site Scripting, Revisited
- Defending Against Harvesting Attacks on Registration Systems
- Multi-POST Cross-Site Request Forgery
- Defending Against SSL Stripping Attacks
- Stealth Cookie Stealing (XSS technique)
- Local File Inclusion to Remote Command Execution using SSH
automation
- Get Off Your Butt and Teach Your Kids to Code
- WUDS: Wi-Fi User Detection System
- Raspberry Pi - Pianobar
consulting
cracking
development
- Dynamic Discovery of Mass Assignment Vulnerabilities
- A Decade of Training
- Get Off Your Butt and Teach Your Kids to Code
Flask
- Dynamic Discovery of Mass Assignment Vulnerabilities
- Exploring SSTI in Flask/Jinja2 - Part 2
- Exploring SSTI in Flask/Jinja2
hacking
- Dynamic Discovery of Mass Assignment Vulnerabilities
- XSS Active Defense
- SQLi Exploiter: Exploiting Complex SQL Injections
- Report Spam. Get Owned.
- Cooling Down the Hottest Ticket in Town
- Exploring SSTI in Flask/Jinja2 - Part 2
- Exploring SSTI in Flask/Jinja2
- Multi-POST Cross-Site Request Forgery
- ESPN Fantasy Football - The Complete Attack
- Hacking the DEFCON 18 Badge
leadership
miscellaneous
network security
- Handling Missed Vulnerabilities
- Proxying thru Virtual Client VPNs
- Getting Shell in Modern Restricted User Environments
- IPS Avoidance with Vulnerability Scanners
- Manual Local Hash Extraction
- Public Facing LDAP Enumeration
- Catching and Cleaning a Phish
- Taming the Stubborn Tomcat
- 7 Linux Shells Using Built-in Tools
- Defeating 802.1x with Marvin
- No Nmap, No Permissions, No Problem
projects
- SQLi Exploiter: Exploiting Complex SQL Injections
- Recon-ng Update (v4.6.0)
- WUDS: Wi-Fi User Detection System
- Recon-ng Update (v4.0.0)
- Recon-ng Update (v3.3.3)
- Recon-ng Update (v3.0.3)
- Official Release: eapmd5crack.py
Recon-ng
tools
- SQLi Exploiter: Exploiting Complex SQL Injections
- Recon-ng Update (v4.6.0)
- WUDS: Wi-Fi User Detection System
- Recon-ng Update (v4.0.0)
- Recon-ng Update (v3.3.3)
- Recon-ng Update (v3.0.3)
- Official Release: eapmd5crack.py