Hacker News
- Cloudflare Pages, part 1: The fellowship of the secret https://blog.assetnote.io/2022/05/06/cloudflare-pages-pt1/ 2 comments
- Taking over Uber accounts through voicemail https://blog.assetnote.io/2021/06/27/uber-account-takeover-voicemail/ 5 comments
- Hacking on Bug Bounties for Four Years https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/ 10 comments
- Taking over Azure DevOps accounts with one click https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/ 25 comments
- Expanding the Attack Surface: React Native Android Applications https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/ 11 comments
Lobsters
- Hacking on Bug Bounties for Four Years https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/ 3 comments security, web
- Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2) https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/ 2 comments netsec
- Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/ 3 comments netsec
- Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489) https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/ 4 comments netsec
- Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera https://blog.assetnote.io/2023/04/30/rce-oracle-opera/ 3 comments netsec
- CloudFlare Pages, part 1: The fellowship of the secret https://blog.assetnote.io/2022/05/06/cloudflare-pages-pt1/ 4 comments netsec
- Hacking a Bank by Finding a 0day in dotCMS https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/ 5 comments netsec
- Encrypting our way to SSRF in VMWare Workspace One UEM/Airwatch (CVE-2021-22054) https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/ 5 comments netsec
- Eliminating Dangling Elastic IP Takeovers with Ghostbuster https://blog.assetnote.io/2022/02/13/dangling-eips/ 2 comments netsec
- Solarwinds Web Help Desk: When the Helpdesk is too Helpful https://blog.assetnote.io/2022/01/23/solarwinds-webhelpdesk-hsql-eval-harcoded-creds/ 2 comments netsec
- GraphQL batching might bypass your services’ rate limiting logic https://blog.assetnote.io/2021/08/29/exploiting-graphql/ 20 comments programming
- Taking over Uber accounts through voicemail https://blog.assetnote.io/2021/06/27/uber-account-takeover-voicemail/ 10 comments netsec
- H2C Smuggling in the Wild https://blog.assetnote.io/2021/03/18/h2c-smuggling/ 5 comments netsec
- Hacking on Bug Bounties for Four Years https://blog.assetnote.io/2020/09/15/hacking-on-bug-bounties-for-four-years/ 21 comments netsec
- Taking over Azure DevOps Accounts with 1 Click https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2 7 comments netsec
- Getting access to Zendesk’s Google Cloud and Artifactory from GitHub dotfile repos https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/ 5 comments netsec
- Discovering a zero day and getting code execution on Mozilla's AWS Network https://blog.assetnote.io/bug-bounty/2019/03/19/rce-on-mozilla-zero-day-webpagetest/ 23 comments netsec
- Gaining access to Uber's user data through AMPScript evaluation https://blog.assetnote.io/bug-bounty/2019/01/14/gaining-access-to-ubers-user-data-through-ampscript-evaluation/ 6 comments netsec