Observations in Security

Michael Hyndman

Hello! I am Vice President of Information/Cyber Security for a global cyber safety company. I am also a bug bounty hunter and ethical hacker. This blog is a collection of my technical and social observations while navigating infosec.

Bypassing 403

A few weeks ago I came across this cool “accidental” exploit vector which was documented about 8 years ago by IRCmaxwell and describes a way to trick servers (behind a reverse proxy or load balancer) into thinking a HTTP request which is ordinarily unauthorised, is actually authorised. I read the blog post while doing someContinue reading “Bypassing 403”