Gotta cache 'em all: bending the rules of web cache exploitation

Splitting the email atom: exploiting parsers to bypass access controls

Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies

Data Theft in Salesforce: Manipulating Public Links

When Certificates Fail: A Story of Bypassed MFA in Remote Access

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff