Archives

2025

Exploiting GraphQL Secondary Context Attacks

Exploiting GraphQL Secondary Context Attacks

2022

Pulling Specific Files from the Trickest Inventory (or any Github project)

Pulling Specific Files from the Trickest Inventory (or any Github project)

🎉 burpsuite-project-file-parser v1.1 🎉

🎉 burpsuite-project-file-parser v1.1 🎉

Building on an AppSec Pipeline with Burp Suite data - Part 2

Building on an AppSec Pipeline with Burp Suite data - Part 2

Building on an AppSec Pipeline with Burp Suite data - Part 1

Building on an AppSec Pipeline with Burp Suite data - Part 1

2019

SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP

SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP

2018

odle ruby gem: piping security data

odle ruby gem: piping security data

2016

Exploiting CVE-2016-4264 With OXML_XXE

Exploiting CVE-2016-4264 With OXML_XXE

Finding Hosts Using SSL Certificate Organization And Censys

Finding Hosts Using SSL Certificate Organization And Censys

Exploiting XXE In File Upload Functionality

Exploiting XXE In File Upload Functionality

Cloud Metadata URL List

Cloud Metadata URL List

2015

XML Entity Cheatsheet - Updated

XML Entity Cheatsheet - Updated

Blackhat 2015 Arsenal

Blackhat 2015 Arsenal

Simple Ruby Exec with Open and Pipe

Simple Ruby Exec with Open and Pipe

Exploiting XXE Vulnerabilities in OXML Documents - Part 1

Exploiting XXE Vulnerabilities in OXML Documents - Part 1

ldapsearch notes

ldapsearch notes

Search all Github Repositories for an Organization

Search all Github Repositories for an Organization

2014

Searching Through Git Commits

Searching Through Git Commits

XML Entity Cheatsheet

XML Entity Cheatsheet

IPv6 DNS Guessing Notes

IPv6 DNS Guessing Notes

Blackhat 2014 Arsenal Experience

Blackhat 2014 Arsenal Experience