Avinash Jain (@logicbomb)

A bug worth 1.75 Lacs — AWS SSRF to RCE
How I escalated a well-known AWS SSRF to perform Remote Code Execution (RCE) in one of India's growing startups.
3 min read · Oct 27, 2022

A misconfigured Apache Airflow to AWS Account Compromise
This is about how I was able to exploit a security misconfig of Apache Airflow and escalated it to access sensitive pages & credentials!
5 min read · Feb 2, 2022

Shift Left with AWS CodePipeline — Scanning every single code change
In the agile world, where continuous iteration of development and testing happens throughout the SDLC (software development lifecycle)…
7 min read · May 18, 2021

OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection
It looks like this year has great promises; at least the start is good. Already 3 bug bounties in the pipeline (just showing off :P) and…
4 min read · Jan 27, 2021

Tale of 3 vulnerabilities to account takeover
The whole writeup in one line: I bypassed the rate limiting by bypassing Cloudflare, reaching the origin server IP via SSRF in xmlrpc.php…
5 min read · Nov 17, 2020

Securing Container using Threat Modelling — STRIDE
The increased adoption of containers has given rise to a wide range of potential threats to microservices apps that run in containers. If…
5 min read · Oct 7, 2020

How Continuous GitHub Code Hacking Keeps Grofers Secure (in Lambda by Blinkit)
Security shouldn't be treated as an afterthought.
5 min read · Jul 29, 2020

Phone Number Privacy? We don't do that here: Google Hangout Call
Google Hangout Calls and Exposing Phone Numbers
4 min read · May 28, 2020

Docker Registries and their secrets
Never leave your Docker registry publicly exposed! Recently, I have been exploring Docker a lot in search of misconfigurations that…
4 min read · Apr 9, 2020

Hacking 'Docker', the Shodan way!
Never leave your Docker host publicly exposed!
4 min read · Jan 10, 2020