Blog Posts

A $1,000,000 bounty? The KuCoin User Information Leak

2023-05-18

Adapting to Endure – A Summary.

2022-11-29

A Simple SQL Injection in an Air Force Website

2022-11-19

A Fun SSRF through a Headless Browser

2022-05-06

Learn to Hack Web Apps

2022-04-24

Exposed Jenkins to RCE on 8 Adobe Experience Managers

2019-09-04

Analysis of an Atlassian Crowd RCE - CVE-2019-11580

2019-07-14

CI Knew There Would Be Bugs Here

2019-04-26

XSS to XXE in Prince v10 and below (CVE-2018-19858)

2018-12-05

Advanced CORS Exploitation Techniques

2018-06-16

Chaining Bugs to Steal Yahoo Contacts!

2018-01-11

Hacking the Hackers: Leveraging an SSRF in HackerTarget

2017-12-17

SQL Injection in rog.asus.com

2017-11-30

Tricky CORS Bypass in Yahoo! View

2017-11-27

H1-212 CTF Solution.pdf

2017-11-24

PHP Code Injection in X-Cart

2017-10-05

Stored XSS in Bandcamp

2017-06-30

Multiple XSS & CSRF in Pulse Connect Secure v8.3R1

2017-05-28

Reflected & Stored XSS in Invision Power Board

2017-05-09

Remote Code Execution in AT&T

2017-03-10

XSS in mail.aol.com

2017-01-09

Leveraging LFI to RCE using zip://.

2017-01-01