A story about how I got several simple bugs (1 P2, 1 P3, and 2 P4s) on a target (that just allow Specific Country Code to...
- From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password”
- Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
403 bypass lyncdiscover[.]microsoft[.]com
Mobile Pentesting 101 – Bypassing Biometric Authentication http://securitycafe.ro/2022/09/05/mobile-pentesting-101-bypassing-biometric-authentication/
CI/CD Goat: deliberately vulnerable CI/CD environment https://securityonline.info/ci-cd-goat-deliberately-vulnerable-ci-cd-environment/
Today I got a notification on my phone that YouTube had sent me a copyright report, claiming one of my videos violated copyright and my channel was going to receive a strike.
Except, my video didn't violate copyright. And YouTube didn't really send me a copyright report.