Reading ASP secrets for $17,000
One of the more common vulnerabilities on ASP.NET applications is local file disclosure. If you’ve never developed or worked with this technology, exploiting LFD can be confusing and often unfruitf...
Go supports multiple programming paradigms, including object orientation. However, if you’re coming to Go from Java, you may be slightly… ehm… disoriented. One striking absence is that of any acces...
defer, in a nutshell: When learning Go, one quickly comes across the defer keyword. For instance, the Tour of Go introduces defer thus: A defer statement defers the execution of a function until t...
The specific application that I’ve been targeting over the last few weeks is a bitcoin gambling website where a stock will progressively rise over time. The gambler decides the amount of money they...
When I’m not doing bug bounty or studying for school I’ll often be playing Counter-Strike: Global Offensive or PLAYERUNKNOWN’S BATTLEGROUNDS. Both of these games are awesome and really fun to play,...
The Yahoo small business platform was storing user information in a set of directories that were protected simply by obscurity. The attacker, with knowledge of the victim's email, could run a wordl...
The following article details the successful exploitation of a server-side request forgery vulnerability in Yahoo’s small business platform.
If you decided to go out and spontaneously develop a content management system, one of the most crucial and necessary setups would be the authentication of user accounts. This function is generally ...
On the night of May 20th I had begun to develop a small headache and neck pains after spending days looking at Yahoo’s messenger application. I couldn’t get a grasp of how it operated, so I stepped...
Thinking back to old forum days I can specifically remember an event where attackers modified their avatars to be invalid pages that responded with “HTTP 401 Unauthorized”. This didn’t really seem ...