Hunting for bugs that Scanners miss, and WAFs fail to detect: SteelCon Talk UK 2023

Most web applications today are protected by WAFs, making it challenging for pentesters to test for payload-based vulnerabilities like SQL Injection and XSS. Additionally, automated tools and scann...

Jul 8, 2023 JWT, UUID, Account Takeover, IDOR, Password Reset

Uncommon and Advanced Techniques for Account Takeover Attacks: BSides Talk Leeds 2023

Account takeover attacks are a serious threat to individuals and organizations and are becoming increasingly common. In order to stay ahead of cybercriminals, it is important for Developers and Pen...

Jul 8, 2023 JWT, UUID, Account Takeover, Password Reset

Story of OS Command Injection worth $7500

Command injection is a type of vulnerability that allows an attacker to execute arbitrary system commands on a vulnerable server. This type of attack occurs when an application fails to properly va...

Oct 15, 2021 Command Injection, RCE, out-of-band, OOB

The Bad Twin: a peculiar case of JWT exploitation scenario leading to Account Taker Over

Hey Everyone, Hope you’re doing well. It’s been a While since my first write-up, I hope you learn something new from this one and enjoy it. This post presents a new technique to exploit a bad imp...

May 7, 2020 JWT, ATO, Acoount Takeover

Think Outside the Scope: Advanced CORS Exploitation Techniques

Link to my Original Write-Up: sandh0t.medium.com/think-outside-the-scope-advanced-cors-exploitation-techniques-dad019c68397 Hi everyone, My name is Ayoub, I’m a security researcher from Moro...

May 14, 2019 CORS, XSS, CSRF, JavaScript

Old but Gold: Exploiting ASP.NET Padding Oracle MS10-070

Hey Everyone, Hope you’re doing well. This my first write-up, I hope you learn something new from this one and enjoy it. This post is about an old finding that I had discovered while testing an i...

Jun 15, 2018 Padding Oracle, Path Traversal, ASP.NET

1
1 / 1