Hey 👋

This is Max’s (aka w2w) blog dedicated to security research and white hat hacking

Bugs showcase #1: Chaining a lack of values correlation, linear growth of attempts, and other omissions in OTP implementations to achieve 2 ATOs

This post describes two account takeover vulnerabilities w/o user interaction resulting from multiple omissions in the OTP implementations.

January 19, 2023 · 10 min · 2001 words

Multi-factor authentication security testing and possible bypasses

This post contains 11 methods of MFA bypassing

January 9, 2020 · 16 min · 3365 words

Exploitation of Cookie-Based XSS vulnerabilities

A guide on how to exploit Cookie-Based XSS bugs

July 17, 2019 · 9 min · 1715 words

Disclosure of 5 million links to the Telegram private chats and the possibility of editing any article on Telegra.ph

March 29, 2018 · 9 min · 1889 words

How I hacked companies related to cryptocurrency

A tale of 7 vulnerabilities on services related to the cryptocurrency

December 21, 2017 · 12 min · 2361 words