Pure randomness
-
1
Java: Possible RCEs in X.509 certificate validation [CVE-2018-2633][CVE-2017-10116]
-
2
Java: Exploiting your “unreachable” JRMP/RMI/JMX endpoints [CVE-2018-2800]
-
3
Java: Finally closing the door on JNDI remote classloading [CVE-2018-3149]
-
4
Beware the Nashorn: ClassFilter gotchas
-
5
PSA: Log4Shell and the current state of JNDI injection
Relentless Coding
-
1
Circumventing Antivirus Javascript Detection
-
2
Screen Unlock Meterpreter Script
-
3
Windows Vista + 7 Targets for Screen Unlock Script
-
4
Bypassing Antivirus using De-Obfuscation
-
5
New Javascript packer: JSidle
-
6
Combining the Quicktime "Marshaled_pUnk" exploit with JSidle
-
7
Meterpreter Script to extract chrome browser data
-
8
Social engineering with unicode filenames
-
9
Analyzing the Blackhole Exploit Kit 2.0 with JSDetox
-
10
JSDetox 0.2 released
RPISEC
-
1
TokyoWesterns CTF 2019 - gnote
-
2
CSAW CTF Qualification - Pop Goes the Printer
-
3
HITCON Qualification - LazyHouse
-
4
HITCON Qualification - GoGo PowerSQL
-
5
hxp 36C3 CTF - Compilerbot
-
6
Injecting into 32-bit programs on macOS Mojave
-
7
PlaidCTF 2020 golf.so
-
8
TikTok - A tcache tutorial with our dear friend Ke$ha
-
9
Arm Strong - CSAW Quals 2025
-
10
Colony Defense - CSAW Quals 2025
Sean Heelan’s Blog
-
1
Some Cool Projects from a Dagstuhl Seminar on SAT, SMT and CP
-
2
Automation in Exploit Generation with Exploit Templates
-
3
Gollum: Modular and Greybox Exploit Generation for Heap Overflows in Interpreters
-
4
PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
-
5
Optimising an eBPF Optimiser with Prodfiler (Repost)
-
6
60%+ Performance Improvements with Continuous Profiling and Library Matching – Part 1/2 on Combining Dynamic and Static Analysis for Performance Optimisation
-
7
Finding 10x+ Performance Improvements in C++ with CodeQL – Part 2/2 on Combining Dynamic and Static Analysis for Performance Optimisation
-
8
Application optimisation with LLMs: Finding faster, equivalent, software libraries.
-
9
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
-
10
On the Coming Industrialisation of Exploit Generation with LLMs
shift or die
-
1
A portscan by email − HTTP over X.509 revisited
-
2
SMTP over XXE − how to send emails using Java’s XML parser
-
3
Fingerprinting Firefox users with cached intermediate CA certificates (#fiprinca)
-
4
mrmcd CTF writeup: Once Upon A Time
-
5
mrmcd CTF writeup: Friendly Machine
-
6
How to turn a Dromedary camel into a Bactrian camel
-
7
The strange case of the Jekyll and Hyde PDF
-
8
Introducing tmpnix - an alternative to static binaries for post exploitation
-
9
pdml2sbud - pretty network packets in your terminal
-
10
Turning off certificate validation with Java instrumentation
Skeleton Scribe
-
1
Chronofeit Phishing
-
2
Hackxor hacking game beta
-
3
Simulating targets for XSS/CSRF attacks in hacking games
-
4
JS-less XSS
-
5
Sparse Bruteforce Addon Detection
-
6
Phrack ebook
-
7
X-Frame-Options gotcha
-
8
Practical HTTP Host header attacks
-
9
Comma Separated Vulnerabilities
-
10
Exploiting Path Relative Style-Sheet Imports (PRSSI)
CSS Weekly
-
1
Transition to <code>height: auto;</code> & <code>display: none;</code> Using Pure CSS
-
2
Start Using Minimap Section Headers in VS Code
-
3
Top 5 CSS Navigation Menu Mistakes
-
4
Issue #630
-
5
Issue #631
-
6
Issue #632
-
7
How to debug <code>@starting-style</code> at-rule in Chrome DevTools
-
8
Issue #633
-
9
Issue #634
-
10
Issue #635