In this post, I want to walk through a new request smuggling bug chain I reported to MSRC that affected Azure Front Door. This issue was tracked as VULN-157984, confirmed by Microsoft, fixed, and awarded under the Azure bounty program.
In this post, I want to walk through a request smuggling bug chain I reported to MSRC that affected Azure Front Door. This issue was tracked as VULN-152925, confirmed by Microsoft, fixed, and awarded under the Azure bounty program.
In this post, I will continue on my last paper by showing the readers a severe HTTP request smuggling bug chain using a new gadget, as well as a few ways to exploit it.
In this post, I am going to show the readers how I was able to abuse Akamai so I could abuse F5 to steal internal data including authorization and session tokens from their customers.
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
In this post, I am going to show the readers how to build a fully automated C2 infrastructure using Terraform with Nebula's end-to-end encryption backend communication layer.
In this post, I am going to show readers how easy it is for up-and-coming threat actors to completely compromise, then possibly extort large companies with very little effort by abusing openly available resources.
