Hacking Hackers for fun and profitThis story will be in several parts. In each of the situations, I had to face unexpected results. By and large, these are stories that have…Jan 9, 20232Jan 9, 20232
How I accidentally hacked many companies using N/A vulnerability in Atlassian CloudBelow you will learn in detail about the discovered vulnerability that allowed me to get about 15000$ in bounty with all secrets from the…Nov 19, 20212Nov 19, 20212
Credential stuffing in Bug bounty huntingBug hunting is not always about looking for classic vulnerabilities (XSS, SQLi, SSRF, RCE, etc). Sometimes it is a search for a new problem…Jul 13, 20211Jul 13, 20211
$10,000 for a vulnerability that doesn’t existA couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.Jan 7, 2021Jan 7, 2021
From CRLF to Account TakeoverAt the beginning of March,while researching one site I discovered the new functionality. The functionality allowed the user to login via…Jun 3, 2020Jun 3, 2020
Published inInfoSec Write-upsBroke limited scope with a chain of bugsOne morning, I was asked to participate in a private bug bounty program. In general, my experience in security is based on such private…Mar 9, 2020Mar 9, 2020
Critical vulnerabilities in Pulse Secure and Fortinet SSL VPNs in the Wild InternetInfiltrating Corporate Intranet like Banks, Governments, Airports became possible with vulnerable SSL VPN clients.Sep 2, 20191Sep 2, 20191
Jenkins RCE PoC or simple pre-auth remote code execution on the Server.Once upon a time, a friend of mine asked me a question — "Do you know any fresh RCE for the Jenkins environment ?". I was informed already…Aug 19, 2019Aug 19, 2019
Two Easy RCE in Atlassian ProductsIt was a long time from my last article. It was so many interesting results in my work. Seems that it's right time to share my knowledge…Aug 9, 20192Aug 9, 20192
SSRF Vulnerability due to Sentry misconfigurationThat story happened when I saw that disclosed report.May 27, 20193May 27, 20193
How I hacked Vending MachineIn our day's many things trying to be "smart". In that article, I wanna share an interesting story about smart vending machines. In order…Apr 15, 2019Apr 15, 2019
SSRF vulnerability via FFmpeg HLS processingOnce I performed pentest for one famous company. The object of testing was a platform for searching, licensing and managing music with…Apr 9, 20191Apr 9, 20191
How to perform Phishing Attack with 2FAA few weeks ago I realized that it's should be interesting to learn about phishing campaign and how to perform it. I divide that story…Mar 25, 20191Mar 25, 20191
From basic User to full right Admin access on the server (via XSS, LFI, WebShell)Imagine that you have a business in partnership with someone. At some point, you have an internal conflict. What will you do as a main…Jan 9, 2019Jan 9, 2019
Published inInfoSec Write-upsSubdomain Takeover — New LevelRecently, I began to receive a requests to make pentest work some projects (aka private bug bounty). And in such projects I do my best…Dec 17, 20182Dec 17, 20182
My first XML External Entity (XXE) attack with .gpx fileHello guys! Thanks for subscribing and liking! Since the last project which I was involved — there is one thing which I want to share with…Aug 10, 20181Aug 10, 20181
Published inInfoSec Write-upsHow to bypass certificate validation (SSL pinning)This article will be as usual "How to …" which i learned from the last month. I wrote this to not forget something special and share with…Jun 20, 20183Jun 20, 20183
Subdomain takeover with Shopify, Heroku and something more …It’s a typical story which happens to me time to time.May 16, 20183May 16, 20183
BurpSuit + SqlMap = One LoveSorry, but it's not hacking writeup. I am on a way to prepare it. Just need more time with this to not make harm many companies before they…Apr 24, 20181Apr 24, 20181
How I hacked one cryptocurrency serviceA couple of weeks ago one morning began not as usual.Mar 31, 20181Mar 31, 20181
