A bug worth 1.75Lacs — AWS SSRF to RCE
How I escalated well known AWS SSRF to perform Remote Code Execution (RCE) in one of India’s growing startups.
Oct 27, 2022

A misconfigured Apache Airflow to AWS Account Compromise
This is about how I was able to exploit a security misconfig of Apache Airflow and escalated it to access sensitive pages & credentials!
Feb 2, 2022

Shift Left with AWS CodePipeline — Scanning every single code change
In the agile world, where continuous iteration of development and testing happens throughout the SDLC (software development lifecycle)…
May 18, 2021

OTP Bypass Account Takeover to Admin Panel — Ft. Header Injection
It looks like this year has great promises at least the starting is good. Already 3 bug bounty in the pipeline (just showing off :P) and…
Jan 27, 2021

Tale of 3 vulnerabilities to account takeover
The whole writeup in 1 liner, I bypassed the rate limiting by bypassing Cloudflare by reaching to origin server IP via SSRF xmlrpc.php…
Nov 17, 2020

Securing Container using Threat Modelling — STRIDE
The increased adoption of containers has given rise to a wide range of potential threats to microservices apps that run in containers. If…
Oct 7, 2020

How Continuous GitHub Code Hacking Keeps Grofers Secure
Published in Lambda by Blinkit
Security shouldn’t be treated as an after-thought.
Jul 29, 2020

Phone Number Privacy? We don’t do that here: Google Hangout Call
Google Hangout Calls and Exposing Phone Numbers
May 28, 2020

Docker Registries and their secrets
Never leave your docker registry publicly exposed! Recently, I have been exploring dockers a lot in search of misconfigurations that…
Apr 9, 2020

Hacking ‘Docker’, the Shodan way!
Never leave your docker host publicly exposed!
Jan 10, 2020