Blog | Sam Curry (23 posts)
- Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
- Hacking Kia: Remotely Controlling Cars With Just a License Plate
- Hacking Millions of Modems (and Investigating Who Hacked My Modem)
- Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
- Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
- Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
- Hacking Chess.com and Accessing 50 Million Customer Records
- We Hacked Apple for 3 Months: Here’s What We Found
- Hacking Starbucks and Accessing Nearly 100 Million Customer Records
- Don't Force Yourself to Become a Bug Bounty Hunter
- Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts
- Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
- Analysis of CVE-2019-14994 - Jira Service Desk Path Traversal leads to Massive Information Disclosure
- Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program
- Reading ASP secrets for $17,000
- The $12,000 Intersection between Clickjacking, XSS, and Denial of Service
- Hacking a Massive Steam Scamming and Phishing Operation for Fun and Profit
- Exploiting Directory Traversal to View Customer Credit Card Information on Yahoo's Small Business Platform
- How I gained access to chef, docker, AWS, and MongoDB instances in a single request
- Permanent account takeover on Yahoo's Small Business platform
- How I could've taken over the production server of a Yahoo acquisition through command injection
- Eradicating image authentication injection from the entire internet
- How I stole the identity of every Yahoo user