Sign in Subscribe

Bug Bounty

Bug Bounty

Guides, tips, and experiences from participating in bug bounty programs. Learn how to responsibly discover and report security vulnerabilities in real-world applications and platforms.

The Quiet Side Channel... Smuggling with CL.0 for C2

The Quiet Side Channel... Smuggling with CL.0 for C2

Most people think HTTP smuggling requires complex header tricks or broken protocol parsing. But sometimes, the most effective exploits aren’t based on complexity — they’re based on trust. In this paper, I’ll show how a simple misalignment in expectations between front-end and back-end servers can be quietly exploited

HTTP is dead... Long live HTTP?!

HTTP is dead... Long live HTTP?!

In this paper I will expose how HTTP's evolution has created exploitable security flaws. I'll demonstrate practical attacks like request smuggling and cache poisoning, and provide tactical approaches for security professionals to address these vulnerabilities.

From Akamai to F5 to NTLM... with love.

From Akamai to F5 to NTLM... with love.

In this paper I will expose critical flaws in Akamai's implementation that lead to NTLM credential exposure. I'll demonstrate how these vulnerabilities chain across F5 infrastructure, presenting attack techniques and essential mitigations for defenders.