infosec
Claiming a microsoft shorturl for an easy phish
**tl;dr;** Microsoft has an internal use shorturl service at **go.microsoft.com** that can be enumerated for hijackable links. It might be useful for you as a red teamer if you want to phish windows users.
ReadBitbucket CSRF on SSH Add Key Endpoint via superdomain cookie
In October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self hosted version). Since it has now been patched, here are the details.
Readkms.nhp.gov.in rooted via syncthing
In May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the `/root/.ssh` directory.
ReadExfiltrating Past CSP Directives
An example of using Google Analytics to exfiltrate past CSP directives on HackerOne
ReadRevoking a PGP Key from MIT's Key Server
Instructions on how to revoke your public PGP key from MIT's Key Server.
ReadStored XSS via Swish Transaction
Last week I went to the cinema with some friends. My friend paid for the ticket so I decided to use
Read