Bug Bounty - Malicious Group

Smuggling Through the Front Door... Achieving 0-Click XSS with Cache Poisoning

In this post, I want to walk through a new request smuggling bug chain I reported to MSRC that affected Azure Front Door. This issue was tracked as VULN-157984, confirmed by Microsoft, fixed, and awarded under the Azure bounty program.

Offensive Security

Smuggling Through the Front Door... Achieving Global Redirect Poisoning at the Edge

In this post, I want to walk through a request smuggling bug chain I reported to MSRC that affected Azure Front Door. This issue was tracked as VULN-152925, confirmed by Microsoft, fixed, and awarded under the Azure bounty program.

◆ Top 10 Web Attacks 2023 #8

Offensive Security

From Akamai to F5 to NTLM... with love.

In this post, I am going to show the readers how I was able to abuse Akamai so I could abuse F5 to steal internal data including authorization and session tokens from their customers.