  • March 13
    GitHub Actions and the threat of malicious pull requests

  • July 15
    Shaking secrets out of CircleCI builds - insecure configuration and the threat of malicious pull requests

  • February 25
    Cache poisoning DoS in CloudFoundry gorouter (CVE-2020-5401)

  • January 27
    Exploiting email address parsing with AWS SES

  • October 31
    Abusing HTTP hop-by-hop request headers

  • October 04
    WordPress Visualizer plugin XSS and SSRF

  • September 19
    HAProxy HTTP request smuggling (CVE-2019-18277)

  • March 09
    CORS'ing a Denial of Service via cache poisoning

  • November 02
    NBA 2K19 and the case of the curious t2.corp request

  • October 11
    Be careful with authenticated CORS and secrets like CSRF tokens

© Copyright 2023