Blog Posts
A $1,000,000 bounty? The KuCoin User Information Leak
2023-05-18
Adapting to Endure – A Summary.
2022-11-29
A Simple SQL Injection in an Air Force Website
2022-11-19
A Fun SSRF through a Headless Browser
2022-05-06
Learn to Hack Web Apps
2022-04-24
Exposed Jenkins to RCE on 8 Adobe Experience Managers
2019-09-04
Analysis of an Atlassian Crowd RCE - CVE-2019-11580
2019-07-14
CI Knew There Would Be Bugs Here
2019-04-26
XSS to XXE in Prince v10 and below (CVE-2018-19858)
2018-12-05
Advanced CORS Exploitation Techniques
2018-06-16
Chaining Bugs to Steal Yahoo Contacts!
2018-01-11
Hacking the Hackers: Leveraging an SSRF in HackerTarget
2017-12-17
SQL Injection in rog.asus.com
2017-11-30
Tricky CORS Bypass in Yahoo! View
2017-11-27
H1-212 CTF Solution.pdf
2017-11-24
PHP Code Injection in X-Cart
2017-10-05
Stored XSS in Bandcamp
2017-06-30
Multiple XSS & CSRF in Pulse Connect Secure v8.3R1
2017-05-28
Reflected & Stored XSS in Invision Power Board
2017-05-09
Remote Code Execution in AT&T
2017-03-10
XSS in mail.aol.com
2017-01-09
Leveraging LFI to RCE using zip://.
2017-01-01