Master SECThe beauty of chaining client-side bugsThis is part of a report of a bug that I sent back in 2020, changing of course the program name for obvious reasons.May 28, 2021May 28, 2021
Master SECWeaponizing BURP to work as an evil SSRF Confluence Server.I was doing bounty on a private H1 program that interacts with various external services one of them was Atlassian Confluence and Jira.Dec 14, 2019Dec 14, 2019
Master SECBypass Uppercase filters like a PRO (XSS Advanced Methods)While we are not working on Pentesting for companies, we love to Bug Hunting on Hackerone.Oct 11, 20192Oct 11, 20192