The Facebook GraphQL Page object has a field page_owner_name which discloses the owner of a page. Timeline Jul 12, 2021 – Report sentJul 14, 2021 – Fixed by Facebook

The GraphQL Application has two fields (“created_by_name”, “created_by_uid”) that allow for disclosure of the creator of a Facebook application Timeline Jul 11, 2021 – Report sentJul 14, 2021 – Fixed by Facebook

Bulletin.com is Facebook’s new publication service. The VoiceCreator object in GraphQL has no apparent permissions, this means I can list the subscribers of a podcast/publication by email address.query a {bulletin_browse_publications(){__typename,publica…

I've been doing bug bounties for over 10 years now and over time, I have grown fonder of the life changing effects it has had for me. From job prospects, to being able to financially support those around me and myself. I believe that if you're passionate…

TL;DR when money is involved, things can get ugly. Your best bet is to be clear about the terms up-front and stick to the 50/50 rule. Don't share information with people you don't have the privilege to.

The thing that frustrates me about the bug bounty community…

In the last few days, I have been able to have productive conversations with my peers in the bug bounty community including Patrik who works on the triage team and Luke who leads community efforts from HackerOne. Patrik has helped clear up misconceptions…

You can find this blog post on Assetnote's blog.

You can find this blog post on Assetnote's blog.

You can find this blog post on Assetnote's blog.

You can find this blog post on Assetnote's blog.

You can find this blog post on Assetnote's blog.

You can find this blog post on Assetnote's blog.

1) Intro & Motivations

At the start of of this year, I set myself a personal goal of finding 365 bugs in 365 days.

This was entirely motivated by wanting to challenge myself to find more security issues as I felt I'd been slacking off.

I thought back to…

When gaining shell access to a machine on a network, a promising attack vector is to check the internal network for web applications and services that may be accessible from the machine that has been compromised.

Often, internal web applications are found…

In 2019, we published attacks on PDF Signatures and PDF Encryption . During our research and studying the related work, we discovered a lot...

This is a guest blogpost by Lauritz Holtmann . He wrote his master thesis: "Single Sign-On Security: Security Analysis of real-life OpenID C...

Last year we presented How to Spoof PDF Signatures . We showed three different attack classes. In cooperation with the CERT-Bund (BSI)...

During our joint research on DTLS state machines, we discovered a really interesting vulnerability (CVE-2020-2655) in the recent versions...

For this years hack.lu CTF I felt like creating a challenge. Since I work a lot with TLS it was only natural for me to create a TLS challen...

After investigating the security of  PDF signatures , we had a deeper look at PDF encryption. In co­ope­ra­ti­on with our friends from Mün...

A lot can go wrong when validating SAML messages . When auditing SAML endpoints, it's important to look out for vulnerabilities in the sign...