Archives

2025

• 30 Jan Neo4j Injection / Cypher Cypher

2023

• 08 Jul Hunting for bugs that Scanners miss, and WAFs fail to detect: SteelCon Talk UK 2023
• 08 Jul Uncommon and Advanced Techniques for Account Takeover Attacks: BSides Talk Leeds 2023

2021

• 15 Oct Story of OS Command Injection worth $7500

2020

• 07 May The Bad Twin: a peculiar case of JWT exploitation scenario leading to Account Taker Over

2019

• 14 May Think Outside the Scope: Advanced CORS Exploitation Techniques

2018

• 15 Jun Old but Gold: Exploiting ASP.NET Padding Oracle MS10-070