Case studies 6
- Nunjucks - Exploiting Second-Order SSTI (+ WAF Bypass technique)
- Weird state of PyPi ecosystem in 2025
- Exploiting "Random" generators in .NET Applications
- Testing LFI in Windows: How I (never) got a $30000 bounty
- PostgreSQL SQL injection: Updating data without UPDATE
- PostgreSQL SQL injection: SELECT only RCE