infosec write-ups and ramblings
Information is key. What sort of information could be in an Air Force Database? Who would get hurt by that data? Who would it benefit? In 2017, 17-year-old me easily gained access to an Air Force database. Back then, I practiced in the DoD's Vulnerability Disclosure Program (VDP). I was looking at…
Corben Leo
I found a Server-Side Request Forgery in March 2022 (well, more than one luckily)! But let's talk about the coolest one. So you can learn. I don't like talking about bounty amounts. (It's ok if you do, we all get excited) Instead, I'll show you how I found it: The scope of this program was *.███.…
Corben Leo
So you want to learn to hack. Want to participate in bug bounty? No problem. Here's a roadmap to follow so you can learn web hacking. Just remember: "Enduring growth cannot be achieved without a commitment to process"Learn to love the process of learning and bettering yourself. Take time to underst…
Corben Leo
👋🏼 introduction:This is a short write-up of how I progressed from discovering a Jenkins instance to getting shells on 8 Adobe Experience Manager servers and gaining edit access to a company's main sites. Along with this blog-post, I'm releasing a tool called jenkinz. Note: as this was a finding in…
Corben Leo
👋🏼 introduction:Recently I came across an Atlassian Crowd application while I was doing recon. If you're not familiar with Crowd, it is a centralized identity management application that allows companies to "Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azu…
Corben Leo