Archives
- 24 Apr Your S3 Bucket Is an Open Directory and You Probably Don't Know It
- 23 Apr Breaking My Own Infrastructure: 12 Days, 19 Findings, 3 False Positives
- 22 Apr What --dryrun Taught Me About Confidence
- 21 Apr The Load Balancer That Trusted Everyone
- 20 Apr I Can Read Everyone's Invoices (and Found a Backdoor Inside)
- 19 Apr The Refresh Token That Wouldn't Die
- 18 Apr It's 3 AM and I'm Creating a Thousand Invoices
- 17 Apr I Just Sent XSS Payloads to the Support Team
- 16 Apr When Your Internal Fields Aren't Internal: The Day I Deleted My Own Account
- 15 Apr The CORS Rabbit Hole I Didn't Want to Go Down
- 14 Apr How Two curl Commands Gave Me Full Access to an S3 Bucket
- 13 Apr 5,000 Attack Vectors Later: What I Learned From Testing Everything
- 12 Apr From DevOps to DevSecOps: Why I Started Breaking Things on Purpose