On SOP, CORS, and the Hows of Exfiltrating JWTs via XSS

In other words: how to not get c**k-blocked by CORS.

Achieving Persistence with SQL Injection

A tale of SQL injection (in 2022!) and the journey of making myself an admin for the LOLs 🥴

CodeQL - Exploring the Terrain #1

By playing "CodeQL CTF: Go and don't return", organized by GitHub Security Lab.

HTB - RouterSpace

An easy box, or so they say. The setup definitely wasn't as easy though.

Security Automation at Scale #2 - Escalating Impact

AKA how to escalate from a simple authentication bypass bug to dumping Personally Identifiable Information.

Security Automation at Scale #1 - Identifying Targets

AKA how automation can help identify vulnerable endpoints at scale 🚀

Deploying GUI Applications with Kubernetes

We have tons of tutorials online teaching us how to run GUI applications with Docker. But barely any of them talk about how to do so with Kubernetes.

On Deep Links and Web Views in Android APKs

Where unvalidated deep link + rendering of said link via web view = Open redirect!

Leaked API Keys and Firebase Misconfigurations

Okay, you reversed an APK and you found a couple of Google API keys, now what?

Finding Sensitive Strings in APKs

Or in any files, actually 🙈