Intro: It has been a while since my last blog post, and here we go again. This one will cover a vulnerability I discovered and reported back in April to a private program on HackerOne whose name I cannot disclose, but it is a well-known insurance company in the USA.
Intro: Back on Feb 1, 2020 at 5:53 PM, I reported a critical vulnerability that gave me remote code execution (RCE) on the StrongKey company. To those who don’t know, StrongAuth, or StrongKey, is a security-based company that “makes data breach irrelevant, with StrongKey technology, your data becomes worthless to hackers”, as stated on their website!
Intro: Three years ago, while conducting my academic research, I came across a website to download an interesting PDF course.
I downloaded the PDF, and as always, the nerd comes back to mind whenever he has the chance, even if it’s not the subject of my research. So, I tried to test the website for what seemed to me a vulnerability.
How I was able to access one of the Russian antivirus (Bitdefender) domains through blind XSS!
Sorry for the delay, I wasn’t able to write this before. Academic exams were overwhelming as usual. Now, I have some time. Let’s start the (story)! One day, while doing my research as usual, I came across a web application that I (wanted) to test. Just curious, you know, when a website pops up and you, as usual with your hacker mind spirit, want to test it, just a small checklist will be enough (as it wasn’t your target in the first place).