Trying to find instructions on how to reset the M15w printer to set up a new wifi connection was annoying enough that I wrote it down.
Read**tl;dr;** Microsoft has an internal use shorturl service at **go.microsoft.com** that can be enumerated for hijackable links. It might be useful for you as a red teamer if you want to phish windows users.
ReadIn October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self hosted version). Since it has now been patched, here are the details.
ReadIn May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the `/root/.ssh` directory.
ReadIn this post I want to show a quick way to scrape websites using the python package requests-html and firefox's developer tools.
ReadAn example of using Google Analytics to exfiltrate past CSP directives on HackerOne
Read