← Blog contact
  • March 13
     Github Actions and the threat of malicious pull requests

  • July 15
     Shaking secrets out of CircleCI builds - insecure configuration and the threat of malicious pull requests

  • February 25
     Cache poisoning DoS in CloudFoundry gorouter (CVE-2020-5401)

  • January 27
     Exploiting email address parsing with AWS SES

  • October 31
     Abusing HTTP hop-by-hop request headers

  • October 04
     Wordpress Visualizer plugin XSS and SSRF

  • September 19
     HAProxy HTTP request smuggling (CVE-2019-18277)

  • March 09
     CORS'ing a Denial of Service via cache poisoning

  • November 02
     NBA 2K19 and the case of the curious t2.corp request

  • October 11
     Be careful with authenticated CORS and secrets like CSRF tokens

© Copyright 2023