1. The regular expression simplifier (https://youtu.be/nlt4XKhucS4?t=1102) stood out as particularly interesting - I get the impression it was partly "mostly simple", and partly battle-tested/nontrivial/hand-tuned. Speaking not-entirely-rhetorically, this would probably be a very interesting tidbit to study.
2. You mentioned at https://youtu.be/nlt4XKhucS4?t=2272 in response to a question that you apparently pass PNGs and other binary content "straight through" (in the context of file upload), i.e. bypassing the WAF. Given things like...
- webpage in JPEG (http://lcamtuf.coredump.cx/squirrel/, https://news.ycombinator.com/item?id=12262470, https://news.ycombinator.com/item?id=4209052),
- JavaScript in EXIF (https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-ex...)
- PHP in EXIF (https://web.archive.org/web/20130708132109/https://websec.io...)
- HTML+JavaScript+1021 byte demo inside PNG: https://news.ycombinator.com/item?id=24824299, http://www.p01.org/MONOSPACE/ (general NB: "Packed version" link under "Additional links" actually loads the demo for me in Chrome, but clicking through from HN and loading the URL directly doesn't - some sort of bizarre CORS-related thing?)
...I presume the status quo has changed somewhat here. Hearing how/what's going on in this space would be very interesting.
Above link is direct download, which I'm biased towards since Chrome's PDF viewer supports left and right arrow keys.
Protip for users with tiny* screens: right-click video twice, enable Picture-in-Picture, arrange video so slides are still visible so you can follow along.
(* Specifically <24", i.e. laptops)