infosec write-ups and ramblings
I found a Server-Side Request Forgery in March 2022 (well, more than one luckily)! But let's talk about the coolest one. So you can learn. I don't like talking about bounty amounts. (It's ok if you do, we all get excited) Instead, I'll show you how I found it: The scope of this program was *.βββ.…
Corben Leo
So you want to learn to hack. Want to participate in bug bounty? No problem. Here's a roadmap to follow so you can learn web hacking. Just remember: "Enduring growth cannot be achieved without a commitment to process"Learn to love the process of learning and bettering yourself. Take time to underst…
Corben Leo
ππΌ introduction:This is a short write-up of how I progressed from discovering a Jenkins instance to getting shells on 8 Adobe Experience Manager servers and gaining edit access to a company's main sites. Along with this blog-post, I'm releasing a tool called jenkinz. Note: as this was a finding in…
Corben Leo
ππΌ introduction:Recently I came across an Atlassian Crowd application while I was doing recon. If you're not familiar with Crowd, it is a centralized identity management application that allows companies to "Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azu…
Corben Leo
When it comes to bug bounty hunting and finding exciting areas to explore, it is vital to familiarise yourself with the technologies that vendors and companies rely on.
Corben Leo