Ricardo Iramar dos Santos · Do NOT report security vulnerabilities, report impacts instead! · TL;DR: In this post I’ll show you why and how you should report an impact instead of a vulnerability. · 5 min read · Feb 5, 2022
Ricardo Iramar dos Santos · The Powerful HTTP Request Smuggling 💪 · TL;DR: This is how I was able to exploit an HTTP Request Smuggling in Mobile Device Management (MDM) servers and send any MDM command to… · 13 min read · Oct 1, 2020
Ricardo Iramar dos Santos · Account Takeover For The Win 🏆 · TL;DR: This is about how I got Account Takeover (ATO) vulnerabilities on two big e-commerce companies and a bypass after the first fix for… · 10 min read · Aug 24, 2020
Ricardo Iramar dos Santos · This is fine 🐶 · TL;DR: There are a bunch of sensitive data stored on search engine cache servers related to some Microsoft services but this is fine. · 8 min read · Jun 8, 2020
Ricardo Iramar dos Santos · Subdomain Enumeration Tools Evaluation · TL;DR: A simple and straightforward evaluation of subdomain enumeration tools available on the internet based on number of subdomains… · 3 min read · Feb 9, 2020
Ricardo Iramar dos Santos · Reusing Cookies · TL;DR: This is a story of how I accidentally found a common vulnerability across similar web applications just by reusing cookies on… · 16 min read · Dec 7, 2019
Ricardo Iramar dos Santos · How to Become a Rockstar · My initial goal was to make some extra money and, secondly, to learn more about web security, so I chose a Bug Bounty Program on… · 9 min read · Dec 29, 2017