Avinash Jain (@logicbomb): A bug worth 1.75Lacs — AWS SSRF to RCE. How I escalated a well-known AWS SSRF to perform Remote Code Execution (RCE) in one of India's growing startups. Oct 27, 2022

Avinash Jain (@logicbomb): A misconfigured Apache Airflow to AWS Account Compromise. This is about how I was able to exploit a security misconfiguration of Apache Airflow and escalated it to access sensitive pages & credentials! Feb 2, 2022

Avinash Jain (@logicbomb): Shift Left with AWS CodePipeline — Scanning every single code change. In the agile world, where continuous iteration of development and testing happens throughout the SDLC (software development lifecycle)… May 18, 2021

Avinash Jain (@logicbomb): OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection. It looks like this year has great promises, at least the start is good. Already 3 bug bounties in the pipeline (just showing off :P) and… Jan 27, 2021

Avinash Jain (@logicbomb): Tale of 3 vulnerabilities to account takeover. The whole writeup in one line: I bypassed the rate limiting by bypassing Cloudflare, reaching the origin server IP via SSRF in xmlrpc.php… Nov 17, 2020

Avinash Jain (@logicbomb): Securing Containers using Threat Modelling — STRIDE. The increased adoption of containers has given rise to a wide range of potential threats to microservices apps that run in containers. If… Oct 7, 2020

Avinash Jain (@logicbomb) in Lambda by Blinkit: How Continuous GitHub Code Hacking Keeps Grofers Secure. Security shouldn't be treated as an afterthought. Jul 29, 2020

Avinash Jain (@logicbomb): Phone Number Privacy? We don't do that here: Google Hangout Call. Google Hangout Calls and Exposing Phone Numbers. May 28, 2020

Avinash Jain (@logicbomb): Docker Registries and their secrets. Never leave your Docker registry publicly exposed! Recently, I have been exploring Docker a lot in search of misconfigurations that… Apr 9, 2020

Avinash Jain (@logicbomb): Hacking 'Docker', the Shodan way! Never leave your Docker host publicly exposed! Jan 10, 2020