A developer's notes in the world of security research and bug bounty, by pmnh
  • Howto: Use Burp Hackvertor Plugin to Re-sign Requests

    Feb 2, 2024 · 6 min read · howto burp tutorial hackvertor web

    Summary: More and more in modern web applications, particularly sensitive applications such as financial apps, we see the introduction of signature headers which are used to provide some mechanism of tamper-proofing of the request from the client. These signatures can be problematic if using common tools such as Burp …
  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API

    Jun 29, 2023 · 16 min read · writeup xss graphql hackerone

    Late last year on HackerOne during an LHE (this is only important later due to an extreme time crunch), I found an extremely challenging vulnerability on a major brand's web site involving several layers of exploitation ultimately resulting in a stored XSS payload …
  • CTF Writeup: 2023 DeadSec CTF: Trailblazer

    May 21, 2023 · 5 min read · ctf python rce

    Summary: One of the things that I love about CTFs is when they provide challenges that don't require knowledge of weird language quirks or obscure exploits or (ugh) guesswork but instead just a clear head and some common sense. Kudos to the designer of the DeadSec 2023 CTF Trailblazer challenge, which offered exactly …
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

    Dec 4, 2022 · 10 min read · writeup rce bugcrowd waf

    Summary: This writeup talks about a successful collab that I did with Dark9T (@UsmanMansha) on a private program hosted on Bugcrowd. We ended up being able to bypass Akamai WAF and achieve Remote Code Execution (P1) using Spring Expression Language injection on an application running Spring Boot. This was the 2nd RCE via SSTI …
  • Reflecting on 2 Years of Bug Bounty

    Sep 27, 2022 · 9 min read · learning

    In September 2022, I celebrated 2 years doing bug bounty as the anniversary of my first paid bounty on HackerOne passed. I thought it might be useful to write up some of the lessons learned and some tips and tricks that might help new hunters (things I wish I knew when I started). Bug bounty has been an incredible …
  • CTF Writeup: 2022 HTB Cyber Apocalypse Web Challenge: Genesis Wallet

    May 19, 2022 · 11 min read · ctf nodejs varnish csrf

    Summary: Genesis Wallet was one of the harder web challenges in the 2022 Hack the Box (HTB) CTF. Our team, composed of Synack Red Team members, finished a respectable 21st place; unfortunately we were very close to solving this challenge and literally were about 5 minutes from a successful solve when time expired - so …
  • LuxCal 5.1.x and below Authentication Bypass: CVE-2021-45914, CVE-2021-45915

    May 9, 2022 · 2 min read · cve authentication

    Summary: In research related to a Synack Red Team client, I was able to discover several authentication bypass issues in the LuxCal web calendar component. The limited details of these issues, which have been resolved by the vendor in version 5.2.0 of the software, are listed below. As an agreement with the vendor, we …
  • Advanced sqlmap Case Study

    May 6, 2022 · 6 min read · sqlmap sqli advanced

    Summary: Many new bug bounty hunters will blindly rely on the output of tools to magically find them bugs. As most experienced hunters know, the key to long-term success is to understand how to effectively use the many great tools and fine-tune these tools to achieve results in the form of valuable, challenging bugs. …

Disclaimer

The opinions expressed on this site are my own personal opinions and do not represent my employer’s view in any way. All content on this site should be used for legal, research purposes only on assets you are permitted to test. The author expressly disclaims any and all liability from misuse of material on this site.

Featured Posts

  • Howto: Use Burp Hackvertor Plugin to Re-sign Requests
  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

Tags

Most used: ctf (2), rce (2), writeup (2)

All tags: advanced (1), authentication (1), bugcrowd (1), burp (1), csrf (1), ctf (2), cve (1), graphql (1), hackerone (1), hackvertor (1), howto (1), index (1), learning (1), nodejs (1), python (1), rce (2), sqli (1), sqlmap (1), tutorial (1), varnish (1), waf (1), web (1), writeup (2), xss (1)
Copyright  A DEVELOPER'S NOTES IN THE WORLD OF SECURITY RESEARCH AND BUG BOUNTY, BY PMNH. All Rights Reserved