- Animated Bugs: The New Remote Attack Surface In Telegram @ HITBCW2021 November 24, 2021
- Pre-auth root remote code execution in QNAP NAS May 19, 2021
- Hunting for bugs in Telegram's animated stickers remote attack surface February 16, 2021
- Pre-auth remote code execution in Infinite WP Admin Panel December 8, 2020
- Old tools to follow technical news November 7, 2020
- Sometimes they come back: exfiltration through MySQL and CVE-2020-11579 July 28, 2020
- Bitwarden Server 1.35.1 Blind Server-Side Request Forgery (SSRF) July 16, 2020
- Web tracking via HTTP cache cross-site leaks September 8, 2019
- On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624) April 24, 2019
- Nagios XI 5.5.10: XSS to # April 10, 2019
- CVE-2018-17057: yet another phar deserialization in TCPDF March 17, 2019
- XSSGame by Google at #HITB2017AMS Writeup April 26, 2017