California Top 25 Researcher 2024
I received an email saying I’m a top 25 researcher in the California VDP from 2024. Not too bad from the thousands of reports they get, I’m sure.
I recently ran across an application that allowed access to a ClickHouse DB for my user. The access was allowed, so that isn’t an issue. However, when we as pentesters or bug bounty hunters get acc...
The other day I received an email saying I was eligible for some swag for getting my 25th valid P1 submission on BugCrowd. I don’t do too much BB hunting these days, and also not too much on BugCro...
Welcome! I was sick of ‘maintaining’ (not that it was a lot of work) my previous blog that ran a wordpress stack on an ec2 instance, so I decided to migrate to Jekyll and the Chirpy theme. The migra...
That’s in quotes, because this is seemingly a self-HTML injection with little to no security impact, but it does allow for you to change your reMarkable’s sleep screen in a different way. Maybe it’...
A while back the illustrious team over at Project Discovery wrote about the discovery of an SQLi in Masa/Mura CMS. It’s a good writeup, so go check it out for the technical details. Recently, I ra...
If you’re a pentester or bug bounty hunter that is trying to do some iOS mobile application testing, half the battle is getting a phone properly jailbroken so you can proxy HTTP requests. Nowadays,...
> Note: disregard any layout/content/formatting errors as this post was migrated from wordpress to jekyll As mentioned in a previous post, I was the July RotM for the DoD VDP program. I decided...
I was recently awarded the DoD Researcher of the Month for July, 2023. Between moving across the country and other hacking duties, I still had time to hammer away at a particular subdomain and foun...
PyMedusa is a well-known video library manager that many of us self-hosted types may use to organize our libraries. I decided to give it a spin one day and found a classic OS command injection as s...