Pinned: "XSS on the OAuth callback URL with CSP bypass leading to zero-click account takeover". XSS on an OAuth callback URL; weaponizing the issue allowed zero-click account takeover. Serj Novoselov in InfoSec Write-ups, 6 min read, Oct 29, 2023.
Pinned: "Attacking AWS | Common Cognito Misconfigurations". The most common Cognito misconfigurations. Serj Novoselov in InfoSec Write-ups, 6 min read, Jun 8, 2023.
Pinned: "Exploiting Incorrectly Configured Load Balancer with XSS to Steal Cookies". Serj Novoselov in InfoSec Write-ups, 4 min read, Jul 13, 2023.
Pinned: "Critical Finding on TP-Link service, or how I got $0". Plaintext user credentials were leaking. Serj Novoselov in InfoSec Write-ups, 5 min read, Jun 1, 2023.
"Private Interact.sh server setup with a web dashboard". Setting up your own Interact.sh server with a web dashboard for testing out-of-band interactions. Serj Novoselov in InfoSec Write-ups, 5 min read, Apr 26, 2024.
"XML External Entity injection with error-based data exfiltration". An in-the-wild XXE issue with error-based data exfiltration. Serj Novoselov in InfoSec Write-ups, 4 min read, Jan 29, 2024.
"Exploiting vulnerabilities in LLM APIs [OS injection]". A brief write-up on the PortSwigger lab "Exploiting vulnerabilities in LLM APIs". Serj Novoselov, 2 min read, Jan 18, 2024.
"Reverse SSH SOCKS proxy via Alpine image". Penetration testing often involves encountering fully restricted machines within the target network. How to build a gateway inside… Serj Novoselov in InfoSec Write-ups, 4 min read, Oct 29, 2023.
"SSTI Understanding and Building Payloads in Jinja2". Jinja2 is a widely used template engine for Python web applications; however, it can be vulnerable to SSTI. Serj Novoselov in InfoSec Write-ups, 4 min read, Sep 6, 2023.
"Clean Sweep: Utilizing Robo-Vacuum for hidden Network Persistence". Serj Novoselov in InfoSec Write-ups, 5 min read, Aug 13, 2023.