Recent Posts

• Analyzing the Next.js Middleware Bypass (CVE-2025-29927)
  by infosecauon 3/24/2025, 8:50:27 AM with 0 comments
• So, you want to get into bug bounties?
  by infosecauon 11/26/2022, 9:36:20 AM with 0 comments
• Exploiting Static Site Generators: When Static Is Not Static
  by infosecauon 11/1/2022, 7:17:58 AM with 0 comments
• Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
  by infosecauon 7/6/2022, 1:03:21 AM with 0 comments
• Cloudflare Pages, part 1: The fellowship of the secret
  by infosecauon 5/6/2022, 1:53:13 PM with 2 comments
• Hacking a Bank by Finding a 0day in DotCMS
  by infosecauon 5/5/2022, 1:20:15 AM with 0 comments
• Eliminating Dangling Elastic IP Takeovers with Ghostbuster
  by infosecauon 2/15/2022, 8:39:23 PM with 0 comments
• Turning Bad SSRF to Good SSRF: Websphere Portal
  by infosecauon 12/28/2021, 11:07:36 PM with 0 comments
• Exploiting GraphQL
  by infosecauon 8/30/2021, 10:59:50 PM with 0 comments
• Taking over Uber accounts through voicemail
  by infosecauon 7/4/2021, 2:07:40 AM with 4 comments
• Hacking IIS
  by infosecauon 3/20/2021, 1:06:21 PM with 0 comments
• Attack of the clones: Git clients remote code execution
  by infosecauon 11/7/2020, 5:18:52 AM with 0 comments
• Finding Hidden Files and Folders on IIS Using BigQuery
  by infosecauon 9/20/2020, 9:48:32 PM with 0 comments
• Hacking on Bug Bounties for Four Years
  by infosecauon 9/17/2020, 1:29:10 AM with 5 comments
• Taking over Azure DevOps accounts with one click
  by infosecauon 7/1/2020, 12:56:28 PM with 6 comments
• Expanding the Attack Surface: React Native Android Applications
  by infosecauon 2/2/2020, 9:48:29 PM with 5 comments
• CVE-2019-0604: Details of a Microsoft Sharepoint RCE Vulnerability
  by infosecauon 3/23/2019, 3:46:26 AM with 0 comments
• Discovering a zero day and getting code execution on Mozilla's AWS Network
  by infosecauon 3/19/2019, 12:42:23 AM with 0 comments
• Gaining access to Uber's user data through AMPScript evaluation
  by infosecauon 1/14/2019, 1:21:05 PM with 0 comments
• Leveraging web application vulnerabilities to steal NTLM hashes
  by infosecauon 12/24/2017, 12:09:42 PM with 0 comments
• Commonspeak: Content discovery wordlists built with BigQuery
  by infosecauon 12/4/2017, 5:38:38 PM with 0 comments
• Breach Detection at Scale with PROJECT SPACECRAB
  by infosecauon 10/23/2017, 3:03:04 PM with 0 comments
• Exploiting Dolphin – Part 1
  by infosecauon 11/14/2016, 7:13:15 PM with 0 comments
• Taking Over DigitalOcean Domains via a Lax Domain Import System
  by infosecauon 8/26/2016, 4:50:51 AM with 31 comments
• SmashBot – An AI That Plays Super Smash Bros
  by infosecauon 6/7/2016, 3:42:17 PM with 0 comments
• Exploring the QNX shadowed password hash formats
  by infosecauon 12/28/2015, 4:12:21 AM with 0 comments
• Instagram's Million Dollar Bug
  by infosecauon 12/17/2015, 8:16:56 PM with 67 comments
• Severe bugs in 11 Indian startups worth $3B+ in a week
  by infosecauon 10/8/2015, 8:56:26 AM with 0 comments
• A survey of insecure Flash crossdomain policies
  by infosecauon 10/4/2015, 2:24:42 AM with 0 comments
• Abusing URL Shortners to discover sensitive resources or assets
  by infosecauon 9/22/2015, 6:50:17 PM with 0 comments
• Sonar – A Framework for Scanning and Exploiting Internal Hosts with a Webpage
  by infosecauon 8/24/2015, 10:36:53 AM with 0 comments
• What is in the first Ashley Madison leak?
  by infosecauon 8/21/2015, 8:48:22 PM with 0 comments