How I stole the identity of every Yahoo user
When looking at bug bounty programs that have existed for a long time it's often beneficial to assume that every public-facing page has already been automatedly scanned to death. In many cases this...
1) Intro & Motivations At the start of this year, I set myself a personal goal of finding 365 bugs in 365 days. This was entirely motivated by wanting to challenge myself to find more securi...
When gaining shell access to a machine on a network, a promising attack vector is to check the internal network for web applications and services that may be accessible from the machine that has be...
As of late, a fair few companies and startups have been using dedicated URL shortener services for tracking and social media purposes. An example link from such URL shorteners looks like this i...
As of late, I have been pentesting more and more applications that use some sort of mechanism to prevent unauthorized access to directories based on client IP addresses. In many cases, this has pro...
Security for young people is something I care about. We need to make an investment whether it be time, money or support or university outreach, to get younger people (preferably students) to see s...
Exploiting Markdown Syntax Markdown is wonderful. In fact, this blog post itself is written in Markdown. I don't need to use lengthy unnecessary HTML for simple things like links, tables, code...