- Did the “Man With No Name” Feel Insecure?
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2014-12-01T11:29:00-08:00&max-results=20&start=22&by-date=false (2014 8 20) - A Token’s Tale
https://googleprojectzero.blogspot.com/2015/02/a-tokens-tale_9.html - Windows 10^H^H Symbolic Link Mitigations
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2015-10-15T09:31:00-07:00&max-results=20&start=18&by-date=false (2015 8 25) - Windows Sandbox Attack Surface Analysis
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2015-12-04T13:28:00-08:00&max-results=20&start=16&by-date=false (2015 12 18) - Between a Rock and a Hard Link
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2016-01-12T10:42:00-08:00&max-results=20&start=15&by-date=false (2015 12 4) - Raising the Dead
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2016-02-29T09:40:00-08:00&max-results=20&start=14&by-date=false (2016 2 12) - The Definitive Guide on Win32 to NT Path Conversion
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2016-03-21T02:18:00-07:00&max-results=20&start=13&by-date=false (2016 2 29) - Exploiting a Leaked Thread Handle
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2016-08-16T11:41:00-07:00&max-results=20&start=12&by-date=false (2016 3 21) - Breaking the Chain
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2017-04-28T09:23:00-07:00&max-results=20&start=10&by-date=false (2016 12 29) - Exploiting .NET Managed DCOM
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2017-08-08T09:17:00-07:00&max-results=20&start=9&by-date=false (2017 4 28) - Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2017-08-23T09:10:00-07:00&max-results=20&start=8&by-date=false (2017 8 8) - Bypassing VirtualBox Process Hardening on Windows
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2018-04-18T10:54:00-07:00&max-results=20&start=7&by-date=false (2017 8 23) - Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2018-10-16T09:34:00-07:00&max-results=20&start=5&by-date=false (2018 8 16) - Injecting Code into Windows Protected Processes using COM
15. Windows Exploitation Tricks: Abusing the User-Mode Debugger
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2017-02-14T16:03:00-08:00&max-results=20&start=0&by-date=true
16. Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2017-02-14T16:03:00-08:00&max-results=20&start=5&by-date=true
17. Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege(Tuesday, August 14, 2018)
https://googleprojectzero.blogspot.com/search?q=James+Forshaw&updated-max=2017-02-14T16:03:00-08:00&max-results=20&start=5&by-date=false
18. aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
pesante's blog 