research

Analysis of an Atlassian Crowd RCE - CVE-2019-11580

👋🏼 introduction:Recently I came across an Atlassian Crowd application while I was doing recon. If you're not familiar with Crowd, it is a centralized identity management application that allows companies to "Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azu…

Corben Leo

“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter

When it comes to bug bounty hunting and finding exciting areas to explore, it is vital to familiarise yourself with the technologies that vendors and companies rely on.

Corben Leo

Advanced CORS Exploitation Techniques

I've seen some fantastic research done by Linus Särud and by Bo0oM on how Safari's handling of special characters could be abused. https://labs.detectify.com/2018/04/04/host-headers-safari/https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275aBoth article…

Corben Leo

corben.io

Tags

Analysis of an Atlassian Crowd RCE - CVE-2019-11580

“CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter

Advanced CORS Exploitation Techniques