| 2018-09-19 | When EL Injection meets Java Deserialization | re4lity | 2526 | |
| 2018-09-19 | Intercepting and Modifying responses with Chrome via the Devtools Protocol | re4lity | 2453 | |
| 2018-09-19 | A Tale of Two Bugs · Our Machinery | re4lity | 1882 | |
| 2018-09-19 | XSS Vulnerabilities in Multiple iFrame Busters Affecting Top Tier Sites | re4lity | 2183 | |
| 2018-09-19 | Peekaboo Critical Vulnerability in NUUO Network Video Recorder | re4lity | 1554 | |
| 2018-09-19 | Cheatsheet - Flask & Jinja2 SSTI | re4lity | 2630 | |
| 2018-09-19 | 碎碎念之Afl-fuzz Docker实践 | re4lity | 1888 | |
| 2018-09-14 | Android平台间谍软件BusyGasper分析 | birk | 9029 | |
| 2018-09-09 | 突破限制—一份安全编写和审计Chrome扩展程序的指南(下) | ginove | 2664 | |
| 2018-09-07 | 突破限制—一份安全编写和审计Chrome扩展程序的指南(上) | ginove | 1650 | |
| 2018-09-06 | 子域名劫持指南 | YSN | 4264 | |
| 2018-09-02 | 利用GIXY发现错误的Nginx配置 | ginove | 5384 | |
| 2018-09-02 | 技术报告:绕过工作流保护机制 - SharePoint远程代码执行 | ginove | 2178 | |
