Archived
Chrome SOP-Bypass with SVG
Writeup of my Same-Origin Policy Bypass in Chrome with SVG (CVE-2014-3160).
Archived
Generic XXE Detection
Generic Detection of XML External Entity (XXE) Vulnerabilities.
Archived
Cross-Site WebSocket Hijacking (CSWSH)
Details about the vulnerability class I identified in the HTML5 WebSocket specification (RFC 6455).