The Blog post about "Revisiting Cross Session Activation attacks" is now also public. Lateral Movement with code execution in the context of an active session?Here you go.
Getting RCE on Axis cameras via malicious app upload is nothing new. This post describes an alternative if the public PoC fails.
My latest blog post