Pinned | Published in InfoSec Write-ups | XSS on the OAuth callback URL with CSP bypass leading to zero-click account takeover | XSS on the OAuth callback URL; weaponizing the issue allowed zero-click account takeover. | Oct 29, 2023
Pinned | Published in InfoSec Write-ups | Attacking AWS: Common Cognito Misconfigurations | The most common Cognito misconfigurations. | Jun 8, 2023
Pinned | Published in InfoSec Write-ups | Exploiting an Incorrectly Configured Load Balancer with XSS to Steal Cookies | Jul 13, 2023
Pinned | Published in InfoSec Write-ups | Critical Finding on a TP-Link service, or how I got $0 | Plaintext user credentials were leaking. | Jun 1, 2023
Published in InfoSec Write-ups | Forced SSO Session Fixation | During a recent project, I encountered an interesting small issue that allowed a one-click account takeover by fixating an SSO session. | Aug 16, 2024
Published in InfoSec Write-ups | Private interactsh server setup with a web dashboard | Setting up your own interactsh server with a web dashboard for testing out-of-band interactions. | Apr 26, 2024
Published in InfoSec Write-ups | XML External Entity injection with error-based data exfiltration | An in-the-wild XXE issue with error-based data exfiltration. | Jan 29, 2024
Exploiting vulnerabilities in LLM APIs (OS command injection) | A brief write-up on the PortSwigger lab "Exploiting vulnerabilities in LLM APIs". | Jan 18, 2024
Published in InfoSec Write-ups | Reverse SSH SOCKS proxy via an Alpine image | Penetration testing often involves encountering fully restricted machines within the target network. How to build a gateway inside… | Oct 29, 2023
Published in InfoSec Write-ups | Understanding SSTI and Building Payloads in Jinja2 | Jinja2 is a widely used template engine for Python web applications, but it can be vulnerable to SSTI. | Sep 6, 2023