Sitemap
Pages
Posts
Posts by category
- Articles
- Blog
- Subdomain Takeover Attacks
- Account Takeover via JWT Misconfiguration
- Account Takeover via OTP Mechanism
- LLM Prompt Injection
- Breaking Application Logic with Negative User Input
- Exploiting Android Architecture
- Exploiting a File Upload Mechanism to Gain RCE
- HTTP Security Headers
- Insecure Randomness
- Cracking JWT Vulnerabilities
- Bypassing Content-Security-Policy (CSP)
- Top 10 Node.js Security Best Practices
- Exploiting OpenID for Account Takeover
- Firebase Common Security Misconfigurations
- ReDoS Attacks
- Web Cache Poisoning & Deception
- How We Exploited Auth0 Misconfigurations
- RCE via Dependency Confusion Attack
- GraphQL Common Attack Vectors
- SSRF with DNS Rebinding
- SOP vs CORS
- AWS Cognito Misconfigurations
- WebSocket Misconfigurations
- NoSQL Injection
- JSON Injection
- Burp Extension: Authentication Token Obtain and Replace (ATOR)
- How We Bypassed File Upload Restrictions
- Privilege Escalation: Unauthenticated User to Admin
- How We Were Able to Access User Personal Data
- How We Were Able to Fetch Internal Server Resources