Posts

Bugs showcase #2: Privilege escalation using improper preservation of permissions during the OAuth app installation

May 31, 2023 · 4 min · 837 words

Bugs showcase #1: Chaining a lack of values correlation, linear growth of attempts, and other omissions in OTP implementations to achieve 2 ATOs

This post describes two account takeover vulnerabilities w/o user interaction resulting from multiple omissions in the OTP implementations.

January 19, 2023 · 10 min · 2001 words

Multi-factor authentication security testing and possible bypasses

This post contains 11 methods of MFA bypassing

January 9, 2020 · 16 min · 3365 words

Exploitaiton of Cookie-Based XSS vulnerabilities

A guide on how to exploit Cookie-Based XSS bugs

July 17, 2019 · 9 min · 1715 words

Disclosure of 5 million links to the Telegram private chats and the possibility of editing any article on Telegra.ph

March 29, 2018 · 9 min · 1889 words

How I hacked cryptocurrency-related companies

A tale of 7 vulnerabilities on services related to the cryptocurrency

December 21, 2017 · 12 min · 2361 words