websec

Abusing URL Shortners to discover sensitive resources or assets · Sep 23 2015 Sep 23

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions · Jun 15 2015 Jun 15

Introducing Websec Weekly · Jan 6 2015 Jan 6

How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others · May 14 2014 May 14

Full Disclosure: Coinbase design allows for mass, targeted phishing of its users. · Apr 1 2014 Apr 1

Accessing PayPal’s internal network - the critical nature of SSRF · Jan 14 2014 Jan 14

I found Prezi’s source code · Dec 3 2013 Dec 3

"wont fix" Persistent XSS on eBay member pages · Sep 21 2013 Sep 21