2020

• From Bug Bounty Hunter, to Engineer, and Beyond

2016

• Obtaining Login Tokens for an Outlook, Office or Azure Account
• Uber Bug Bounty: Turning Self-XSS into Good-XSS
• An XSS on Facebook via PNGs & Wonky Content Types

2015

• Messenger.com Site-Wide CSRF
• Bypassing Google Authentication on Periscope's Administration Panel

2014

• Bug Bounties 101 - Getting Started
• SafeCurl "Capture the Bitcoins" Post-Mortem
• SafeCurl: SSRF Protection, and a "Capture the Bitcoins"

2013

• Abusing CORS for an XSS on Flickr
• Cookie Stealing on Customer Internet Connections
• Instagram's One-Click Privacy Switch
• Content Types and XSS: Facebook Studio
• Removing Covers Images on Friendship Pages, on Facebook
• Hijacking a Facebook Account with SMS
• Overwriting Banner Images on Etsy
• Stealing Facebook Access Tokens with a Double Submit