Owning half of a government assets through AWS

2022-12-20

Account takeover via misconfigured SSO [OIDC] implementation

2023-09-08

Auth Bypass Via Exposed Credentials

2022-10-07

My s3 bugs so far...

2024-08-27

Battling Parasoft DTP :: Default Creds to RCE

2024-03-11

Getting AWS s3 file Write/OverWrite from Cognito

2023-06-20

Idor that resulted to Account takeover

2023-11-29

Compromising custom AWS infra API [read/write access] from a clientId & clientSecret

2023-07-27

From an Innocent api-key to PII data

2023-02-29

JBOSS :: From Default Creds to RCE

2023-09-13

The Bug That Kept On Giving :: PaymentBypass :: QR CODE

2022-3-12

The Bug That Kept On Giving :: PaymentBypass :: Eposed Return Url

2022-4-5

The Bug That Kept On Giving :: PaymentBypass :: Response Manipulation

2022-16-12

The SSRF that Brought down a Server

2023-01-07

The Samaritan Bug

2021-10-04

The Spring Of Secrets

2024-12-08

Let me Unmask my next 👻

2022-02-22

Idor: I know where you live

2024-10-18

My First Bug

2021-10-04

Whoami

2021-10-04

Why jijo

2020-12-10