Persistent Cookies and DNS Rebinding Redux
iPhone SSL Warning and Safari Phishing
RFC 1918 Blues
Slowloris HTTP DoS
CSRF And Ignoring Basic/Digest Auth
Hash Information Disclosure Via Collisions - The Hard Way
Socket Capable Browser Plugins Result In Transparent Proxy Abuse
XMLHTTPReqest "Ping" Sweeping in Firefox 5+
Session Fixation Via DNS Rebinding
Quicky Firefox DoS
DNS Rebinding for Credential Brute Force
SMBEnum
DNS Rebinding for Scraping and Spamming
SMB Decloaking
De-cloaking in IE0 Via Windows Variables
itms Decloaking
Flash Origin Policy Issues
Cross-subdomain Cookie Attacks
HTTP Parameter Pollution (HPP)
How to use Google Analytics to DoS a client from some website.
Our Favorite XSS Filters and how to Attack them
Location based XSS attacks
PHPIDS bypass
I know what your friends did last summer
Detecting IE in 12 bytes
Detecting browsers javascript hacks
Inline UTF-7 E4X javascript hijacking
HTML5 XSS
Opera XSS vectors
New PHPIDS vector
Bypassing CSP for fun, no profit
Twitter misidentifying context
Ping pong obfuscation
HTML5 new XSS vectors
About CSS Attacks
Web pages Detecting Virtualized Browsers and other tricks
Results, Unicode Left/Right Pointing Double Angel Quotation Mark
Detecting Private Browsing Mode
Cross-domain search timing
Bonus Safari XXE (only affecting Safari 4 Beta)
Apple's Safari 4 also fixes cross-domain XML theft
Apple's Safari 4 fixes local file theft attack
A more plausible E4X attack
A brief description of how to become a CA
Creating a rogue CA certificate
Browser scheme/slash quirks
Cross-protocol XSS with non-standard service ports
Forget sidejacking, clickjacking, and carjacking: enter "Formjacking"
MD5 extension attack
Attack - PDF Silent HTTP Form Repurposing Attacks
XSS Relocation Attacks through Word Hyperlinking
Hacking CSRF Tokens using CSS History Hack
Hijacking Opera's Native Page using malicious RSS payloads
Millions of PDF invisibly embedded with your internal disk paths
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
Pwning Opera Unite with Inferno's Eleven
Using Blended Browser Threats involving Chrome to steal files on your computer
Bypassing OWASP ESAPI XSS Protection inside Javascript
Hijacking Safari 4 Top Sites with Phish Bombs
Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency
Gmail - Google Docs Cookie Hijacking through PDF Repurposing & PDF
IE8 Link Spoofing - Broken Status Bar Integrity
Blind SQL Injection: Inference thourgh Underflow exception
Exploiting Unexploitable XSS
Clickjacking & OAuth
Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk
Active Man in the Middle Attacks
Cross-Site Identification (XSid)
Microsoft IIS with Metasploit evil.asp;.jpg
MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency
Generic cross-browser cross-domain theft
Popup & Focus URL Hijacking
Advanced SQL injection to operating system full control (whitepaper)
Expanding the control over the operating system from the database
HTML+TIME XSS attacks
Enumerating logins via Abuse of Functionality vulnerabilities
Hellfire for redirectors
DoS attacks via Abuse of Functionality vulnerabilities
URL Spoofing vulnerability in bots of search engines (#2)
URL Hiding - new method of URL Spoofing attacks
Exploiting Facebook Application XSS Holes to Make API Requests
Unauthorized TinyURL URL Enumeration Vulnerability