websec

Abusing URL Shortners to discover sensitive resources or assets · September 22, 2015 · websec bruteforce

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions · July 16, 2015 · websec security tool

Introducing Websec Weekly · January 6, 2015 · websec bugbounty websec weekly

How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others · May 3, 2014 · research websec logicflaw

Full Disclosure: Coinbase design allows for mass, targeted phishing of its users. · March 31, 2014 · websec logicflaw

Accessing PayPal’s internal network - the critical nature of SSRF · January 14, 2014 · research websec ssrf

I found Prezi’s source code · December 2, 2013 · research websec bugbounty

"wont fix" Persistent XSS on eBay member pages · September 21, 2013 · research websec