2022

• Jun 03
  Javascript Hoisting in XSS Scenarios

• Feb 21
  Betting Free, Winning More Free

2020

• Nov 22
  Potatoes - Windows Privilege Escalation

• Jul 17
  PostMessage Vulnerabilities. Part II

• Jun 12
  PostMessage Vulnerabilities. Part I

• Mar 29
  2 Path Traversal Cases

• Feb 19
  WAF Bypassing with Unicode Compatibility

• Jan 25
  Detecting valid tags/events on XSS exploitation.

2019

• Nov 30
  Exploiting XSS with 20 characters limitation

• Nov 11
  HSTS vs SSL Stripping attacks.

• Oct 10
  Common Cross-Site Scripting scenarios. 3 Bug Bounty cases

• Jun 15
  Binary Privilege Escalation in x64. Defeating ASLR with Leaks

• May 18
  Frida on non-rooted Android devices

• Apr 29
  Second Order SQLI: Automating with sqlmap

• Jan 27
  Powershell AV Evasion. Running Mimikatz with PowerLine

2018

• Dec 16
  XSS 101 - Solving Google's XSS Challenge

• Dec 02
  Building a botnet with Shodan

• Nov 26
  Process migration in Meterpreter

• Nov 11
  Controlling the domain controller (Part 2) - Multirelaying NTLMv2 tokens to gain authentication.

• Nov 04
  Controlling the domain controller (Part 1) - LLMNR poisoning with Responder.py and cracking NTLMv2 tokens

• Oct 23
  Libssh Authentication Bypass Detailed (CVE-2018-10933)

• Oct 18
  JS-Recon detailed. Analizying the internal network with a XSS

• Oct 07
  Auditing a Payment Processing of a Booking Framework