| Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets |
Black Hat USA 2017
|
| Your Scripts in My Page - What Could Possibly Go Wrong? |
Black Hat Europe 2015
|
| Client-Side Protection Against DOM-Based XSS Done Right (tm) |
Black Hat Asia 2015
|
| Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers |
Black Hat Europe 2014
|
| Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering |
Black Hat USA 2014
|
| On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes |
WOOT '12
|