Pinned
Published in InfoSec Write-ups
Identifying and Exploiting Unsafe Deserialization in Ruby
Introduction
Aug 1, 2023

Published in InfoSec Write-ups
Crossing The Borders: The illegal trade of HTTP requests
TL;DR, This blog post will be the first in a series of posts that will go through some tips and tricks about finding and exploiting http…
Dec 25, 2019

Published in InfoSec Write-ups
What do Netcat, SMTP and self XSS have in common? Stored XSS
If you are reading this you are probably wondering what is this? Is this some kind of a joke? The answer is no, and it is not a clickbait…
Jul 16, 2019

Published in InfoSec Write-ups
Account takeover using IDOR and the misleading case of error 403.
Hello and welcome again, today I want to share with you the story of how I found a quite simple bug in under 45 minutes; this bug was there…
Jun 11, 2019

Published in InfoSec Write-ups
Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over
TL;DR, Not all web vulnerabilities are a result of a technical issue; functional bugs can have critical business impact. Here is the story…
Dec 10, 2018

Published in InfoSec Write-ups
DUPLICATE BUT STILL COOL
TL;DR, From low impact to account takeover to duplicate, here is the story of a cool bug I found on a private program at HackerOne.
Nov 5, 2018

Published in InfoSec Write-ups
IDOR IN JWT AND THE SHORTEST TOKEN YOU WILL EVER SEE {}.{“uid”: “1234567890”}
TL;DR, JWT is in use by many of the big companies but some implementations are not that safe; here is a bug that got me 1,500$
Oct 30, 2018