research Cookie Bugs - Smuggling & Injection Research on how browsers encode & send cookies, how they are parsed by various web frameworks, and some bugs
research Overlong Sec-Required-CSP header: CVE-2021-37989 abusing long http headers for cache probing
ctf Hosting a CTF - UIUCTF'21 Overview + Infra Thoughts on running UIUCTF21, competition decisions, and infrastructure writeup
web PlaidCTF 2021 - wowza - web (350pt) race condition + prototype pollution + SSRF via fetch() redirect
research Showcasing the Importance of Secure Defaults with a PyYAML 0day Bypassing PyYAML filtering and getting a CVE (2020-14343)
web CSAW CTF Finals 2019 - easiest crackme - Web (100,300,300 pt) Exploiting a chrome extension that allows you to debug binaries via RPC
writeups PlaidCTF 2019 - can you guess me - misc (100pt) Bypassing heavily filtered python code evaluation
web Pwning PHP CTF Challenges Short list and collection of links to learn about vulns used in PHP CTF Challenges