Ayoub Safa

Hunting for bugs that Scanners miss, and WAFs fail to detect: SteelCon Talk UK 2023

Most web applications today are protected by WAFs, making it challenging for pentesters to test for payload-based vulnerabilities like SQL Injection and XSS. Additionally, automated tools and scann...

Uncommon and Advanced Techniques for Account Takeover Attacks: BSides Talk Leeds 2023

Account takeover attacks are a serious threat to individuals and organizations and are becoming increasingly common. In order to stay ahead of cybercriminals, it is important for Developers and Pen...

Story of OS Command Injection worth $7500

Command injection is a type of vulnerability that allows an attacker to execute arbitrary system commands on a vulnerable server. This type of attack occurs when an application fails to properly va...

The Bad Twin: a peculiar case of JWT exploitation scenario leading to Account Taker Over

Hey Everyone, Hope you’re doing well. It’s been a while since my first write-up, I hope you learn something new from this one and enjoy it. This post presents a new technique to exploit a bad imp...

Think Outside the Scope: Advanced CORS Exploitation Techniques

Link to my Original Write-Up: sandh0t.medium.com/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397 Hi everyone, My name is Ayoub, I’m a security researcher from Moro...

Old but Gold: Exploiting ASP.NET Padding Oracle MS10-070

Hey Everyone, Hope you’re doing well. This is my first write-up, I hope you learn something new from this one and enjoy it. This post is about an old finding that I had discovered while testing an i...