Below you’ll find some of the actual projects I’m working on:
Developing Firefox Extensions (70%) – Paper
Because even most of the developers I know have no clue on how to build extensions for the Firefox web browser and because I don’t know of any easy and basic level tutorial, I started to write a paper in tutorial form about how to do this. Until now it has 30 DIN-A4 pages so it really has some content. It will cover just the basics on this topic, so that even non-programmers can learn how to develop Firefox extensions and also there are introductions on XUL, JavaScript and even CSS.
Social Engineering – Let’s do it (0%) – Paper
Only a few people know that I’m not just interested in web application security and web technologies security at all, I’m also very interested in Social Engineering. There already exist some papers on this topic but I’ll write one which goes into practical experience so that you really can get some social engineering skills and not just a basic knowledge on the topic.
XSIO (95%) – Paper
This is a paper about a “new” attack type but I don’t want to say more at the moment.
As you can see, it’s nearly finished (95%) or, better said, it’s finished but it will be reviewed by someone else before I release it to the public.
Fix your PHP Code without changing it (80%) – Paper
Out of a situation I was in during my work, I think it would be helpful for some people when I write a paper about what I’ve done. The main problem discussed in this paper is that you have a PHP application, you’re not allowed to change anything on the code but you have to fix security holes in it. It’s not about black magic but I think some people out there will be interested in it.
Wedowapi (65%) – Firefox Extension
This is a new approach on how to defend against phishing attacks. It doesn’t need to connect to any server and it works for 100% of all standard phishing attacks (this means no XSS stuff and so on). It already works but now I’ve to build a GUI so that normal users can use and configure it. By the way, “Wedowapi” stands for “We Don’t Want Phishing” and yes I know it should be Wedowaphi but that looks ugly to me.
As you can see, I’ve enough to do and there are even some more projects in the pipeline, so you can expect some stuff from me in the near future.
PS: You might wonder why I’m writing papers, it’s just because I started working with LaTeX and it’s great.
Kevin Mitnick has a great book called “The Art of Deception” that is all about Social Engineering.
Hi Tony,
yes I read Kevin’s book and I have to say that it’s very good for showing people how mighty social engineering techniques can be but it gives you as a reader from my point of view nothing more than a theoretical overview. The paper I’d like to write is one that you should read when you already know what SE is. I’ll focus much more on how to do successful SE attacks yourself (and try to make the readers not criminals at the same time). In this paper I’ll also present an updated version of my attack model of SE because I think that I know some more stuff now than some years before when I made my first presentations on that topic.
Stay curious about the paper but you have to wait some months I think because it’s one of the last projects on my todo list because I’ve too many other things going on at the moment (for example also all the OWASP stuff in Switzerland).
Will you make an announcement when the papers are finished? Or is there a way we can sign up to be notified? There are definitely some topics that I am interested in and would like to see what you have to say.
Hi Paul,
you can subscribe to the news feed of my blog. I’ll announce all projects/papers in a separate posting when they become publicly available.
By the way just out of personal interest, in which of the mentioned topics are you interested?
PS: Just as information, I finished the “Fix your PHP Code without changing it” paper yesterday and it’s now also ready for review. This means that this and also the “XSIO” paper will be released very soon.