https://thomas.stacey.se/posts/Account-Takeover-in-Azure's-API-Management-Developer-Portal/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/Using-HTTP-request-smuggling-to-hijack-users'-sessions/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/Can-traditional-pen-testing-keep-up-with-modern-AppSec/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/Making-web-cache-deception-critical-in-30-minutes/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/Cross-site-scripting-attacks-in-action-and-how-to-protect-against-them/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/Empowering-junior-testers-strategies-for-uncovering-critical-vulns-in-web-applications/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/exploiting-permissive-cors-configurations/ 2025-10-20T15:02:58+02:00 https://thomas.stacey.se/posts/the-single-packet-shovel/ 2025-10-20T14:49:49+02:00 https://thomas.stacey.se/posts/how-to-join-the-desync-endgame/ 2026-03-05T10:20:05+01:00 https://thomas.stacey.se/posts/Burp-to-discord/ 2026-03-05T00:00:00+01:00 https://thomas.stacey.se/categories/ 2026-03-05T10:21:07+01:00 https://thomas.stacey.se/tags/ 2026-03-05T10:21:07+01:00 https://thomas.stacey.se/archives/ 2026-03-05T10:21:07+01:00 https://thomas.stacey.se/about/ 2026-03-05T10:21:07+01:00 https://thomas.stacey.se/ https://thomas.stacey.se/tags/outpost24/ https://thomas.stacey.se/tags/bug-bounty/ https://thomas.stacey.se/tags/webinar/ https://thomas.stacey.se/tags/exploit-development/ https://thomas.stacey.se/tags/assured/ https://thomas.stacey.se/tags/tooling/ https://thomas.stacey.se/categories/write-up/ https://thomas.stacey.se/categories/thoughts/ https://thomas.stacey.se/categories/presentation/ https://thomas.stacey.se/categories/research/