hack and bug bounty
@hack_com
21 subscribers
20.9K links
High frequency security bug hunting: 120 days, 120 bugs
shubs
1) Intro & Motivations
At the start of this year, I set myself a personal goal of finding 365 bugs in 365 days.
This was entirely motivated by wanting to challenge myself to find more security issues as I felt I'd been slacking off.
I thought back to…
Using ngrok to proxy internal servers in restrictive environments
shubs
When gaining shell access to a machine on a network, a promising attack vector is to check the internal network for web applications and services that may be accessible from the machine that has been compromised.
Often, internal web applications are found…
Abusing URL Shortners to discover sensitive resources or assets
Shubham Shah
As of late, a fair few companies and startups have been using dedicated URL shortener services for tracking and social media purposes. An example link from such URL shorteners looks like this: invent.ge/1j1QxGo or invent.ge/DNATool. Note that both custom…
Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
shubs
As of late, I have been pentesting more and more applications that use some sort of mechanism to prevent unauthorized access to directories based on client IP addresses. In many cases, this has proven to be a weak method of protection if implemented incorrectly.…
Security for young people in Australia
Shubham Shah
Security for young people is something I care about. We need to make an investment, whether it be time, money or support or university outreach, to get younger people (preferably students) to see security as a viable, exciting and worthwhile career. The real…
Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144)
shubs
Exploiting Markdown Syntax
Markdown is wonderful. In fact, this blog post itself is written in Markdown. I don't need to use lengthy unnecessary HTML for simple things like links, tables, code blocks and lists. Nor do I need to go out of my way to do simple…
Enhancing the Detectify Crowdsource reward system with more continuous and lucrative payouts
Labs Detectify
The reward for each time a submitted module is found in customers’ assets will be doubled for critical, high, and medium severity modules.
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
www.assetnote.io
It's time for another round of Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
www.assetnote.io
Over the last year or so, we've seen the mass exploitation of managed file transfer software. From GoAnywhere MFT, MOVEIt, and our own work on Citrix Sharefile. The threats towards enterprises through managed file transfer software have really hit home after…
Secure Code Review #1: Basics (Getting Started)
Medium
Secure Code Review: Basics (Getting Started)
When it comes to software engineering, you may often hear the phrase “Trust the process,” but when it comes to security, it’s more…
The Secrets Behind EC2 Takeovers
Medium
Have you heard of what a subdomain takeover is? Do you know the impact it has? Well, if you haven’t, I will shortly summarize it for you.
What VPS to choose?
Medium
There are tons of cloud providers that offer different types of servers with a lot of different options. I will talk about the ones I…
SSRF to fetch AWS credentials with full access to various services
Medium
SSRF to fetch AWS credentials with full access to multiple services
This is a post about how I found a simple yet really critical vulnerability in a bug bounty program. It was the most critical bug I have…
Bug Bounty — Beginner’s guide
Medium
Where to start?
There are lots of guides on how to start into Bug Bounty Hunting but I will share my personal experience of getting into bug bounty…
IDOR in session cookie leading to Mass Account Takeover
Medium
If you are familiar with what IDOR is, you will know that it can be anywhere from url, request body, GET or POST requests and yes, in…
Hacking Hackers for fun and profit
Medium
This story will be in several parts. In each of the situations, I had to face unexpected results. By and large, these are stories that have…
How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud
Medium
Below you will learn in detail about the discovered vulnerability that allowed me to get about 15000$ in bounty with all secrets from the…
Credential stuffing in Bug bounty hunting
Medium
Bug hunting is not always about looking for classic vulnerabilities (XSS, SQLi, SSRF, RCE, etc). Sometimes it is a search for a new problem…
$10,000 for a vulnerability that doesn’t exist
Medium
A couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.
From CRLF to Account Takeover
Medium
At the beginning of March, while researching one site I discovered the new functionality. The functionality allowed the user to login via…