Hidden directories and files as a source of sensitive information about web application
Some analysis about how to get information about web application from folders like .git , .idea and similar. https://github.com/bl4de/research/tree/master/hidden_directories_leaks
As a part of this, I'm working on tool (in Python) to extract data from revealed Git repositories:
https://github.com/bl4de/security-tools/tree/master/diggit
Detailed, step-by-step analysis of RAA ransomware, created entirely in JavaScript
https://github.com/bl4de/research/tree/master/raa-ransomware-analysis
JavaScript malware code deobfuscation step-by-step walkthrough