Walking the path least trodden – hacking iOS apps at scale
This is a story of how I set out to find some bounties and how I found gold, hacking iOS apps, at scale. One of the essential qualities of a bug hunter is the ability to find exploitable vulnerabilities that others haven’t found. The ability to find bugs not discovered by others is a quality …
Bypassing 403
A few weeks ago I came across this cool “accidental” exploit vector which was documented about 8 years ago by IRCmaxwell and describes a way to trick servers (behind a reverse proxy or load balancer) into thinking an HTTP request which is ordinarily unauthorised is actually authorised. I read the blog post while doing some …