1. Please email me your password

    I decided to do a write up about what I think is a unique account takeover bug that I recently found. I was really surprised on the ending and I must say I got extremely lucky as you’ll see later on. This is on a private program so I apologize for everything that is redacted and the few screenshots. …


  2. No RCE? Then SSH to the box!

    This blog post is about my first RCE shell (or whatever you want to call it) that I got in a bug bounty program back in summer 2017. There’s absolutely nothing special about it and you might not even learn anything new, but if you do, I’m glad I was able to help! I just felt that it was a different way of getting access to a box, especially in bug bounty. …