Nothing here yet.
Nothing here yet.
Jan 16 · 2 min read · Overview During a penetration test of a Web Applications API, I discovered a vulnerability in the password reset functionality that allowed an attacker to intercept reset tokens and take over user accounts. By manipulating a user-controllable field i...
Join discussion
Dec 16, 2025 · 2 min read · During a web application assessment, I discovered an exposed .git directory that allowed me to download the application's entire source code. By extracting and analysing the git objects, I identified hardcoded credentials that granted admin-level acc...
Join discussion
May 20, 2025 · 2 min read · Overview During a web application penetration test, I identified a broken access control issue that allowed a low-privileged user to escalate their privileges to administrator. The issue was easy to identify and had a high impact, as it allowed full ...
Join discussion
Nov 16, 2024 · 2 min read · Overview During a black-box web application penetration test, I identified an unauthenticated SQL injection vulnerability that could be escalated to remote command execution. Although SQL injection vulnerabilities are less common today, this finding ...
Join discussion
Jul 9, 2024 · 2 min read · Overview During a penetration test of a web application, I identified a flawed two-factor authentication implementation that could be bypassed using brute-force techniques. This finding demonstrates that poorly implemented two-factor authentication (...
Join discussion
