- March 18, 2022
Is it a string? Is it an integer? No, it's a valid admin token!
- November 9, 2021
A Brief Peek Behind the RE Curtain, Part One
- July 29, 2021
Adventures in PHP Static Analysis with Psalm
- July 24, 2021
How I Hack PHP Apps (Now)
- July 24, 2020
Exploiting an 'Unexploitable' SquirrelMail Bug for File Disclosure
- January 15, 2017
Protecting from the CPanel Ransomware That Doesn't Exist Yet
- January 7, 2017
Honeypotting for the Lazy: Weekend Fishing for Router Bots
- December 30, 2016
No, I didn't try to break Companies House
- March 18, 2014
Three leaks users numbers via web service
- January 7, 2014
Never let it be said that I waste time...