| 1. | | High fidelity check for Next.js/RSC RCE (CVE-2025-55182 and CVE-2025-66478) (slcyber.io) |
| 3 points by infosecau 21 days ago | past |
|
| 2. | | Analyzing the Next.js Middleware Bypass (CVE-2025-29927) (slcyber.io) |
| 2 points by infosecau 9 months ago | past |
|
| 3. | | So, you want to get into bug bounties? (shubs.io) |
| 2 points by infosecau on Nov 26, 2022 | past |
|
| 4. | | Exploiting Static Site Generators: When Static Is Not Static (assetnote.io) |
| 21 points by infosecau on Nov 1, 2022 | past |
|
| 5. | | Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) (assetnote.io) |
| 1 point by infosecau on July 6, 2022 | past |
|
| 6. | | Cloudflare Pages, part 1: The fellowship of the secret (assetnote.io) |
| 28 points by infosecau on May 6, 2022 | past | 2 comments |
|
| 7. | | Hacking a Bank by Finding a 0day in DotCMS (assetnote.io) |
| 3 points by infosecau on May 5, 2022 | past |
|
| 8. | | Eliminating Dangling Elastic IP Takeovers with Ghostbuster (assetnote.io) |
| 2 points by infosecau on Feb 15, 2022 | past |
|
| 9. | | Turning Bad SSRF to Good SSRF: Websphere Portal (assetnote.io) |
| 2 points by infosecau on Dec 28, 2021 | past |
|
| 10. | | Exploiting GraphQL (assetnote.io) |
| 2 points by infosecau on Aug 30, 2021 | past |
|
| 11. | | Taking over Uber accounts through voicemail (assetnote.io) |
| 15 points by infosecau on July 4, 2021 | past | 5 comments |
|
| 12. | | Hacking IIS (drive.google.com) |
| 1 point by infosecau on March 20, 2021 | past |
|
| 13. | | Attack of the clones: Git clients remote code execution (blazeinfosec.com) |
| 5 points by infosecau on Nov 7, 2020 | past |
|
| 14. | | Finding Hidden Files and Folders on IIS Using BigQuery (assetnote.io) |
| 1 point by infosecau on Sept 20, 2020 | past |
|
| 15. | | Hacking on Bug Bounties for Four Years (assetnote.io) |
| 89 points by infosecau on Sept 17, 2020 | past | 10 comments |
|
| 16. | | Taking over Azure DevOps accounts with one click (assetnote.io) |
| 118 points by infosecau on July 1, 2020 | past | 25 comments |
|
| 17. | | Expanding the Attack Surface: React Native Android Applications (assetnote.io) |
| 37 points by infosecau on Feb 2, 2020 | past | 11 comments |
|
| 18. | | CVE-2019-0604: Details of a Microsoft Sharepoint RCE Vulnerability (thezdi.com) |
| 1 point by infosecau on March 23, 2019 | past |
|
| 19. | | Discovering a zero day and getting code execution on Mozilla's AWS Network (assetnote.io) |
| 4 points by infosecau on March 19, 2019 | past |
|
| 20. | | Gaining access to Uber's user data through AMPScript evaluation (assetnote.io) |
| 2 points by infosecau on Jan 14, 2019 | past |
|
| 21. | | Leveraging web application vulnerabilities to steal NTLM hashes (blazeinfosec.com) |
| 1 point by infosecau on Dec 24, 2017 | past |
|
| 22. | | Commonspeak: Content discovery wordlists built with BigQuery (pentester.io) |
| 1 point by infosecau on Dec 4, 2017 | past |
|
| 23. | | Breach Detection at Scale with PROJECT SPACECRAB (atlassian.com) |
| 1 point by infosecau on Oct 23, 2017 | past |
|
| 24. | | Exploiting Dolphin – Part 1 (dougallj.wordpress.com) |
| 1 point by infosecau on Nov 14, 2016 | past |
|
| 25. | | Taking Over DigitalOcean Domains via a Lax Domain Import System (thehackerblog.com) |
| 385 points by infosecau on Aug 26, 2016 | past | 170 comments |
|
| 26. | | SmashBot – An AI That Plays Super Smash Bros (github.com/altf4) |
| 1 point by infosecau on June 7, 2016 | past |
|
| 27. | | Exploring the QNX shadowed password hash formats (moar.so) |
| 3 points by infosecau on Dec 28, 2015 | past |
|
| 28. | | Instagram's Million Dollar Bug (exfiltrated.com) |
| 1562 points by infosecau on Dec 17, 2015 | past | 516 comments |
|
| 29. | | Severe bugs in 11 Indian startups worth $3B+ in a week (medium.com/fallible) |
| 1 point by infosecau on Oct 8, 2015 | past |
|
| 30. | | A survey of insecure Flash crossdomain policies (whatever.io) |
| 20 points by infosecau on Oct 4, 2015 | past |
|