Do NOT report security vulnerabilities, report impacts instead!
TL;DR: In this post I’ll show you why and how you should report an impact instead of a vulnerability.
Feb 5, 2022
The Powerful HTTP Request Smuggling 💪
TL;DR: This is how I was able to exploit an HTTP Request Smuggling in Mobile Device Management (MDM) servers and send any MDM command to…
Oct 1, 2020
Account Takeover For The Win 🏆
TL;DR: This is about how I got Account Takeover (ATO) vulnerabilities on two big e-commerce companies and a bypass after the first fix for…
Aug 24, 2020
This is fine 🐶
TL;DR: There is a bunch of sensitive data stored on search engine cache servers related to some Microsoft services but this is fine.
Jun 8, 2020
Subdomain Enumeration Tools Evaluation
TL;DR: A simple and straightforward evaluation of subdomain enumeration tools available on the internet based on the number of subdomains…
Feb 9, 2020
Reusing Cookies
TL;DR: This is a story of how I accidentally found a common vulnerability across similar web applications just by reusing cookies on…
Dec 7, 2019
How to Become a Rockstar
My initial goal was to make some extra money and, secondly, to learn more about web security, so I chose a Bug Bounty Program on…
Dec 29, 2017