On SOP, CORS, and the Hows of Exfiltrating JWTs via XSS
In other words: how to not get c**k-blocked by CORS.
Achieving Persistence with SQL Injection
A tale of SQL injection (in 2022!) and the journey of making myself an admin for the LOLs 🥴
CodeQL - Exploring the Terrain #1
By playing CodeQL CTF: Go and don’t return organized by GitHub Security Lab.
HTB - RouterSpace
An easy box or so they say. The setup definitely wasn’t as easy though.
Security Automation at Scale #2 - Escalating Impact
AKA how to escalate from simple authentication bypass bug to dumping Personal Identifiable Information.
Security Automation at Scale #1 - Identifying Targets
AKA how automation can help identify vulnerable endpoints at scale 🚀
Deploying GUI Applications with Kubernetes
We have tons of tutorials online teaching us how to run GUI applications with Docker. But barely any of them talked about how to do so with Kubernetes.
On Deep Links and Web Views in Android APKs
Where unvalidated deep link + rendering of said link via web view = Open redirect!
Leaked API Keys and Firebase Misconfigurations
Okay, you reversed an APK and you found a couple of Google API keys, now what?
Finding Sensitive Strings in APKs
Or in any files, actually 🙈