Most common security vulnerabilities in npm static content/file servers modules

https://github.com/bl4de/research/blob/master/npm-static-servers-most-common-issues/npm-static-servers-most-common-issues.md

Hidden directories and files as a source of sensitive information about web application

Some analysis about how to get information about web application from folders like .git , .idea and similar. https://github.com/bl4de/research/tree/master/hidden_directories_leaks

As a part of this, I'm working on tool (in Python) to extract data from revealed Git repositories:

https://github.com/bl4de/security-tools/tree/master/diggit

RAA Ransomware JavaScript code analysis

Detailed, step-by-step analysis of RAA ransomware, created entirely in JavaScript

https://github.com/bl4de/research/tree/master/raa-ransomware-analysis

Simple JavaScript malware code deobfuscation walkthrough

JavaScript malware code deobfuscation step-by-step walkthrough

https://github.com/bl4de/research/blob/master/javascript-malware-obfuscation/Simple_JavaScript_malware_code_obfuscation_examples.md