409 | Common Nginx misconfigurations that leave your web server open to attack | 2021-02-25
14 | Common Nginx misconfigurations that leave your web server open to attack (2020) | 2024-05-28
4 | SSL certificates could be leaking company secrets | 2021-11-12
2 | Do not dismiss the small vulnerabilities (2018) | 2020-06-16
1 | Hacker School Reboot – insights from leading API hackers [video] | 2022-12-26
1 | Go 1.12 runtime can cause OOM (Out of memory) error | 2019-09-16
343 | Hacking Slack using postMessage and WebSocket-reconnect to steal your token | 2017-03-01
334 | How to Hack APIs in 2021 | 2021-08-10
295 | How I hijacked the top-level domain of a sovereign state | 2021-01-15
240 | I exploited TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain (2018) | 2019-01-28
19 | Hacking CloudKit: How I accidentally deleted your Apple shortcuts | 2021-09-13
3 | Thinking outside of the password manager box | 2019-02-28
3 | GraphQL abuse: Bypass account level permissions through parameter smuggling | 2018-03-15
3 | A deep dive into AWS S3 access controls – taking full control over your assets | 2017-07-13
2 | Hacking CloudKit: How I accidentally deleted your Apple Shortcuts | 2024-09-24
2 | Account hijacking using “dirty dancing” in sign-in OAuth-flows | 2022-07-07
2 | Looking for TLS private keys on Docker Hub | 2022-06-17
2 | Types of Web Vulnerabilities That Are Often Missed | 2021-10-05
2 | How to set up Docker for Varnish HTTP/2 request smuggling | 2021-08-27
2 | Middleware, middleware everywhere – and lots of misconfigurations to fix | 2021-02-26
2 | Tackling modern PHP bug classes | 2020-09-17
2 | XSS using a bug in Safari and why blacklists are stupid | 2018-10-19
2 | XSS using quirky implementations of ACME http-01 | 2018-09-08
2 | TrackMania – a Chrome plugin to stalk your friends on Tinder | 2017-10-24
1 | What is a Prototype Pollution vulnerability and how does page-fetch help? | 2021-06-10
1 | CVE-2020-29653: Stealing Froxlor login credentials using dangling markup | 2021-03-10
1 | Scratching the surface of host headers in Safari | 2018-04-09
1 | Using Google Analytics for data extraction | 2018-02-01
1 | Stored XSS-Ing Millions of Sites Through HTML Comment Box | 2017-01-22
1 | CSP flaws: cookie fixation | 2017-01-14