2022

• A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
• Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS

2021

• A New Attack Surface on MS Exchange Part 3 - ProxyShell!
• A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
• A New Attack Surface on MS Exchange Part 1 - ProxyLogon!

2020

• How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

2019

• Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!(EN)
• Hacking Jenkins Part 1 - Play with Dynamic Routing (EN)

2018

• Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing
• Sandstorm Security Review

2017

• Road to Exim RCE - Abusing Unsafe Memory Allocator in the Most Popular MTA

2016

• Advisory: Accellion File Transfer Appliance Vulnerability