Web Hacking Techniques 2012

CSRF token disclosure via iFRAME and CAPTCHA trickery (2)
Parasitic computing using 'Cloud Browsers' (2)
Browser Event Hijacking (23)
Cross-Site Port Attacks
How I Hacked StackOverflow
Visitor Tracking Without Cookies (or How To Abuse HTTP 301s)
The "I Know..." series. What websites know about you
Hyperlink Spoofing and the Modern Web
Pwning via SSRF (memcached, php-fastcgi, etc) (23)
Using the HTML5 Fullscreen API for Phishing Attacks
Steam Browser Protocol Insecurity
Content Smuggling
Using HTTP headers pollution for mobile networks attacks (2)
CRIME (2)
Top-Level Universal XSS
Blended Threats and JavaScript
Exploiting XSS in Ajax Web Applications
.Net Cross Site Scripting -- Request Validation Bypassing
Stuffing Javascript into DNS names
Clickjacking Rootkits for Android (2)
How Facebook lacked X-Frame-Options and what I did with it
IE9 Self-XSS Blackbox Protection bypass
Bruteforce of PHPSESSID
File System API with HTML5 -- Juice for XSS
How to upload arbitrary file contents cross-domain
Bypassing HTTP Basic Authentication in PHP Applications (** potential rediscovery of: HTExploit -- Bypassing .htaccess restrictions **)
XSS: Gaining access to HttpOnly Cookie in 2012
CSS-Only Clickjacking
X-Frame-Options (XFO) Detection from Javascript
Fun with data: URLs
Browsers Anti-XSS methods in ASP (classic) have been defeated!
Yes, you can have fun with downloads
Stiltwalker, exploits weaknesses in the audio version of reCAPTCHA
CSS :visited may be a bit overrated
"ASPXErrorPath in URL" Technique in Scanning a .Net Web Application
Cursorjacking again
Chrome addon hacking (2345)
Jumping out of Touch Screen Kiosks
Using POST method to bypass IE-browser protected XSS
Password extraction from Ajax/DOM/HTML5 routine
Random Number Security in Python
Bypassing Flash's local-with-filesystem Sandbox
RCE through mangled WAR upload into Tomcat App Manager using PUT-in-Gopher-over-XXE (1)
Using WordPress as an intranet and internet port scanner
UI Redressing Mayhem: Firefox 0-Day And The LeakedIn Affair
UI Redressing Mayhem: HTTPOnly Bypass PayPwn Style
NTLM Relay via HTTP to internet or stealing windows user hashes while using java client
Bypassing CAPTCHAs by Impersonating CAPTCHA Providers (1,2)
CAPTCHA Re-Riding Attack
Attacking CAPTCHAs for Fun and Profit
Permanent backdooring of HTML5 client-side application [Apture example]
Cracking Ruby on Rails Sessions
Bruteforcing/Abusing search functions with no-rate checks to collect data
Cross Context Scripting from within the Browser (1)
Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)
Same Origin Spoofing to Attack Client Certificate Sessions