**tl;dr;** Microsoft has an internal use shorturl service at **go.microsoft.com** that can be enumerated for hijackable links. It might be useful for you as a red teamer if you want to phish windows users.
ReadIn October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self hosted version). Since it has now been patched, here are the details.
ReadIn May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the `/root/.ssh` directory.
ReadIn this post I want to show a quick way to scrape websites using the python package requests-html and firefox's developer tools.
ReadAn example of using Google Analytics to exfiltrate past CSP directives on HackerOne
ReadInstructions on how to revoke your public PGP key from MIT's Key Server.
Read