ElasticSearch Smash & Grab
While iterating through subdomains I got a response like
Jul 26, 2024

Cap’n Crunch’s place in hacking history
During the mid-1900s telephone companies were doing their best to move away from having operators connect each individual call. As phone…
Apr 17, 2024

Web Application Hacking Required Reading
A few books that I’ve read along the way that have greatly impacted my life are still good reads, even though they are getting old.
Mar 27, 2024

Published in BugBountyTips
Stored XSS with HTTP-only Session Cookies
I got into a bug bounty program where you develop a store front to shill garbage to the masses. After some rooting around I found an XSS…
Feb 15, 2024

Published in Techiepedia
Fat GET Authorization Bypass
I was testing a SaaS web application that would generate reports with user data. There were several different reports for user roles and…
Nov 29, 2023

Published in Techiepedia
XSS Context
XSS vulnerabilities are a common “first bug” for people getting into cybersecurity. It is also a mainstay vulnerability that professionals…
Nov 7, 2023

Web Security Practice Lab Setup
The purpose is to provide instructions on how to set up a web security test bed for upcoming talks and workshops.
Oct 14, 2022

Code review to simple RCE
A code review penetration test of an old PHP application revealed a simple RCE.
Jun 9, 2022

Bug Bounty FIRE Goals
Using bug bounty alongside full-time employment is a solid means to attain FIRE (Financial Independence/Retire Early).
May 26, 2022

Published in Techiepedia
Social Media Take Over = Easy Money
If you are alive like me, you probably also enjoy the idea of easy money.
May 26, 2022