Evercookie
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)
Cookie Eviction
Converting unimplementable Cookie-based XSS to a persistent attack
phpwn: Attack on PHP sessions and random numbers
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
XSHM Mark 2
MitM DNS Rebinding SSL/TLS Wildcards and XSS
Using Cookies For Selective DoS and State Detection
Quick Proxy Detection
Flash Camera and Mic Remember Function and XSS
Improving HTTPS Side Channel Attacks
Side Channel Attacks in SSL
Turning XSS into Clickjacking
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
Popup & Focus URL Hijacking
Hacking Facebook with HTML5
Stealing entire Auto-Complete data in Google Chrome
Chrome and Safari users open to stealth HTML5 AppCache attack
DNS Rebinding on Java Applets
Strokejacking
The curse of inverse strokejacking
Re-visiting JAVA De-serialization: It can't get any simpler than this !!
Fooling B64_Encode(Payload) on WAFs and filters
MySQL Stacked Queries with SQL Injection...sort of
A Twitter DomXss, a wrong fix and something more
Get Internal Network Information with Java Applets
Java DNS Rebinding + Java Same IP Policy = The Internet Mayhem
Java Applet Same IP Host Access
ASP.NET 'Padding Oracle' Crypto Attack
Posting raw XML cross-domain
Generic cross-browser cross-domain theft
One vector to rule them all
HTTP POST DoS
Penetrating Intranets through Adobe Flex Applications
No Alnum JavaScript (cheat sheet, jjencode demo)
Attacking HTTPS with Cache Injection
Tapjacking: owning smartphone browsers
Breaking into a WPA network with a webpage
XSS-Track: How to quietly track a whole website through single XSS
Next Generation Clickjacking
XSSing client-side dynamic HTML includes by hiding HTML inside images and more
Stroke triggered XSS and StrokeJacking
Internal Port Scanning via Crystal Reports
Lost in Translation (ASP's HomoXSSuality)
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
JavaSnoop
IIS1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
Universal XSS in IE8
padding oracle web attack (poet, Padbuster, demo)
IIS6/ASP & file upload for fun and profit
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick
Persistent Cross Interface Attacks
Port Scanning with HTML5 and JS-Recon
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
Cracking hashes in the JavaScript cloud with Ravan
Will it Blend?
Stored XSS Vulnerability @ Amazon
Poisoning proxy caches using Java/Flash/Web Sockets
How to Conceal XSS Injection in HTML5
Expanding the Attack Surface
Chronofeit Phishing
Non-Obvious (Crypto) Bugs by Example
SQLi filter evasion cheat sheet (MySQL)
Tabnabbing: A New Type of Phishing Attack
UI Redressing: Attacks and Countermeasures Revisited