| 2021 Mar 17 | Attack Surface Analysis - Part 2 - Custom Protocol Handlers |
| 2021 Feb 17 | Automagically Deploying Websites with Custom Domains to Github Pages |
| 2021 Jan 17 | Some SANS Holiday Hack 2020 Solutions |
| 2021 Jan 8 | Attack Surface Analysis - Part 1 - Application Update:
'A Novel Way to Bypass Executable Signature Checks with Electron' |
| 2021 Jan 1 | The $15000 PlayStation Bounty |
| 2020 Nov 15 | Customizing Python's SimpleHTTPServer |
| 2020 Nov 1 | The Same-Origin Policy Gone Wild |
| 2020 Aug 13 | localghost: Escaping the Browser Sandbox Without 0-Days |
| 2020 Jul 25 | No, You Are Not Getting a CVE for That |
| 2020 Jun 22 | Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI |
| 2020 May 17 | Go Slices and Their Oddities |
| 2020 May 9 | Thick Client Proxying - Part 10 - The hosts File |
| 2020 May 1 | Towards a Quieter Burp History |
| 2020 Apr 17 | The Encrypted Logz - Some Simple Reverse Engineering |
| 2020 Apr 5 | The Golang int and the Overlooked Bug |
| 2020 Mar 13 | Time Management For Systems Administrators - Lessons Learned |
| 2020 Feb 9 | Old ContextIS Challenge Solutions |
| 2020 Feb 6 | Documentation Writing for System Administrators - Notes |
| 2020 Jan 15 | Some SANS Holiday Hack 2019 Solutions |
| 2019 Dec 22 | Using Mozilla Rhino to Run JavaScript in Java |
| 2019 Dec 2 | Developing and Debugging Java Burp Extensions with Visual Studio Code |
| 2019 Nov 26 | Swing in Python Burp Extensions - Part 3 - Tips and Tricks |
| 2019 Nov 11 | Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels |
| 2019 Nov 4 | Swing in Python Burp Extensions - Part 1 |
| 2019 Oct 13 | Quality of Life Tips and Tricks - Burp Suite |
| 2019 Jul 28 | Disabling Cascade Fan's Beep |
| 2019 Jun 18 | Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer |
| 2019 Apr 28 | Thick Client Proxying - Part 9 - The Windows DNS Cache |
| 2019 Apr 21 | Disabling Burp's Update Screen - Part 1 - Analysis and Failures |
| 2019 Apr 17 | The Dark Side of "Manual Work is a Bug" |
| 2019 Apr 6 | Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension |
| 2019 Mar 9 | path.Join Considered Harmful |
| 2019 Jan 31 | Cheating at Moonlighter - Part 4 - Defense |
| 2019 Jan 29 | Cheating at Moonlighter - Part 3 - Enabling Debug HUD |
| 2019 Jan 27 | Cheating at Moonlighter - Part 2 - Changing Game Logic with dnSpy |
| 2019 Jan 23 | Cheating at Moonlighter - Part 1 - Save File |
| 2019 Jan 19 | Notes on Escaping Python Shells |
| 2019 Jan 15 | SANS Holiday Hack Challenge 2018 Solutions |
| 2019 Jan 3 | Cloudflare Concise Christmas Cryptography Challenges 2019 Solutions |
| 2018 Dec 24 | Cryptography in Python Burp Extensions |
| 2018 Dec 22 | AES-CFB128: PyCrypto vs. Go |
| 2018 Dec 19 | Python Utility Modules for Burp Extensions |
| 2018 Dec 17 | Tiredful API - Part 2 - Comparing Site Maps with Burp |
| 2018 Dec 11 | Tiredful API - Part 1 - Burp Session Validation with Macros |
| 2018 Dec 4 | Cheap Integrity Checks with HEAD |
| 2018 Nov 18 | Pointers Inside for |
| 2018 Nov 10 | filepath.Ext Notes |
| 2018 Nov 1 | Windows Filetime Timestamps and Byte Wrangling with Go |
| 2018 Oct 28 | Blackfriday's Parser and Generating graphs with gographviz |
| 2018 Oct 26 | DEF CON 26 - Tineola - Youtube Video |
| 2018 Oct 6 | Gophercises - Lessons Learned |
| 2018 Oct 3 | Reflections on "Manual Work is a Bug" |
| 2018 Sep 27 | Tineola: Taking a Bite out of Enterprise Blockchain |
| 2018 Aug 25 | DVTA - Part 5 - Client-side Storage and DLL Hijacking |
| 2018 Aug 23 | Committing Insurance Fraud with Tineola |
| 2018 Aug 2 | DVTA - Part 4 - Traffic Tampering with dnSpy |
| 2018 Jul 30 | DVTA - Part 3 - Network Recon |
| 2018 Jul 21 | DVTA - Part 2 - Cert Pinning and Login Button |
| 2018 Jul 15 | DVTA - Part 1 - Setup |
| 2018 Jul 4 | Istanbul Tips and Tricks |
| 2018 Jun 5 | ContextIS xmas CTF Writeup |
| 2018 May 26 | On Username Enumeration |
| 2018 May 5 | Learning Go-Fuzz 2: goexif2 |
| 2018 Apr 29 | Learning Go-Fuzz 1: iprange |
| 2018 Apr 24 | Semi-Automated Cloning: Pain-Free Knowledge Base Creation |
| 2018 Apr 24 | Deploying my Knowledge Base at parsiya.io to S3 with Travis CI |
| 2018 Apr 15 | Adding Custom Chroma Styles to Hugo Themes |
| 2018 Mar 17 | Blockchain Security Talk at NoVA Hackers |
| 2018 Mar 1 | The Great Hiatus |
| 2018 Feb 25 | Extracting PNG Chunks with Go |
| 2018 Feb 22 | CAP Theorem and Credit Cards |
| 2018 Feb 21 | Byzantine Generals' Problem |
| 2018 Feb 18 | Byzantine Fault Tolerance and the Telephone Game |
| 2018 Feb 8 | Notes from NISTIR 8202 - Blockchain Technology Overview January 2018 Draft |
| 2018 Jan 29 | VirtualBox Live State File Format |
| 2018 Jan 23 | Mounting Live Snapshots of Encrypted VMs in VirtualBox |
| 2018 Jan 19 | Decoding Large Base64 Files with Go |
| 2017 Dec 29 | Simple SSH Harvester in Go |
| 2017 Dec 19 | Windows XP 32-bit SP3 Virtual Machines |
| 2017 Dec 3 | Go and pcaps |
| 2017 Nov 29 | "Hacking" Car Mechanic Simulator 2015 |
| 2017 Nov 27 | cmd Startup Commands |
| 2017 Nov 15 | WinAppDbg - Part 4 - Bruteforcing FlareOn 2017 - Challenge 3 |
| 2017 Nov 15 | WinAppDbg - Part 3 - Manipulating Function Calls |
| 2017 Nov 11 | WinAppDbg - Part 2 - Function Hooking and Others |
| 2017 Nov 9 | WinAppDbg - Part 1 - Basics |
| 2017 Oct 26 | Silly Attack Using Run Line |
| 2017 Oct 23 | Run Line vs. cmd vs. PowerShell |
| 2017 Oct 8 | Thick Client Proxying - Part 8 - Notes on Proxying Windows Services |
| 2017 Oct 7 | Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File |
| 2017 Sep 21 | Razer Comms |
| 2017 Aug 6 | TLDR: Base64 |
| 2017 Jul 8 | From Atom to Sublime Text |
| 2016 Aug 1 | The Great Hiatus |
| 2016 Jul 28 | Thick Client Proxying - Part 6: How HTTP(s) Proxies Work |
| 2016 Jul 14 | Gynvael Coldwind - Garage4Hackers - Notes from March 2014 |
| 2016 Jun 7 | Windows Netsh Interface Portproxy |
| 2016 Jun 1 | Learning Go |
| 2016 May 15 | Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo |
| 2016 May 9 | Looking for Apps to Proxy |
| 2016 Apr 14 | Cloudfront and TLS |
| 2016 Apr 7 | Thick Client Proxying - Part 4: Burp in Proxy Chains |
| 2016 Apr 3 | Hugo Octopress Update |
| 2016 Apr 2 | Thick Client Proxying - Part 3: Burp Options and Extender |
| 2016 Mar 29 | Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More |
| 2016 Mar 27 | Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners |
| 2016 Feb 21 | Installing Burp Certificate Authority in Windows Certificate Store |
| 2016 Feb 14 | Archive Page in Hugo |
| 2016 Feb 2 | From Octopress to Hugo |
| 2016 Jan 31 | Why Hugo? |
| 2015 Nov 14 | Intro to .NET Remoting for Hackers |
| 2015 Oct 19 | Proxying Hipchat Part 3: SSL Added and Removed Here :^) |
| 2015 Oct 9 | Proxying Hipchat Part 2: So You Think You Can Use Burp? |
| 2015 Oct 8 | Proxying Hipchat Part 1: Where did the Traffic Go? |
| 2015 Aug 1 | Network Traffic Attribution on Windows |
| 2015 Jul 26 | Image Popup and Octopress |
| 2015 Jan 6 | Tales from the Crypt(o) - Leaking AES Keys |
| 2014 Dec 8 | Pin Adventures - Chapter 1 - PinSolver Mk1 |
| 2014 Nov 18 | Building memfetch on Kali + Comments |
| 2014 Sep 23 | My Adventure with Fireeye FLARE Challenge |
| 2014 Sep 21 | Malware Adventure |
| 2014 Sep 2 | Fireeye's FLARE Challenge |
| 2014 Jul 3 | Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided |
| 2014 Jun 25 | Piping SSL/TLS Traffic from SoapUI to Burp |
| 2014 May 25 | Pasting Shellcode in GDB using Python |
| 2014 Apr 22 | Amazon S3 and CSS |
| 2014 Apr 20 | Now hosted on Amazon S3 |
| 2013 Nov 17 | How do I TLS Ciphersuite? |
| 2013 Sep 29 | Microsoft Bluehat Challenges |
| 2013 Sep 23 | Snow Crash and Malware |
| 2013 Sep 20 | Update Inc |
| 2013 Sep 15 | MarkDown and Cookie Clicker |
| 2013 Sep 14 | Hello Octopress |