Hello! I am a bug hunter and head of security for a global cyber safety company. This blog is a collection of my technical and psychological observations while navigating infosec.
Over the course of my career, the limitations and capabilities of the human brain, and how these impact the tasks we perform, the choices we make and our long-term career trajectory, have been a source of great fascination for me. When solving problems at work we rarely take a step back and consider to… Continue reading “How to optimize your hacking by understanding your mind.”
This is a story of how I set out to find some bounties and how I found gold, hacking iOS apps, at scale. One of the essential qualities of a bug hunter is the ability to find exploitable vulnerabilities that others haven’t found. The ability to find bugs not discovered by others is a quality… Continue reading “Walking the path least trodden – hacking iOS apps at scale”
A few weeks ago I came across this cool “accidental” exploit vector, which was documented about 8 years ago by IRCmaxwell and describes a way to trick servers (behind a reverse proxy or load balancer) into thinking an HTTP request that is ordinarily unauthorised is actually authorised. I read the blog post while doing some… Continue reading “Bypassing 403”
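The teaser above does not say which request attribute the backend is tricked on. The example below is added here (it is not code from this blog or from the post it links to) and assumes one common instance of that class of bug: a backend behind a reverse proxy that grants access to “internal” clients by reading the client address from X-Forwarded-For. The proxy appends the real peer address to whatever X-Forwarded-For the client already sent, so a backend that reads the leftmost value accepts an attacker-supplied internal address. The hardened resolver walks the header from the right, peeling off only hops that are known trusted proxies. All addresses, the proxy behaviour and the allowlist are constructed for the example.

```python
import ipaddress

# Constructed for the example: the backend treats these networks as "internal"
# and knows exactly one trusted reverse proxy.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def proxy_forward(client_headers, client_ip):
    """Simulated reverse proxy: append the real peer address to any
    X-Forwarded-For the client already sent (a common default), then
    hand the request to the backend."""
    forwarded = dict(client_headers)
    existing = forwarded.get("X-Forwarded-For")
    forwarded["X-Forwarded-For"] = f"{existing}, {client_ip}" if existing else client_ip
    return forwarded


def is_internal(ip_str):
    """True if ip_str parses as an address inside an internal network."""
    try:
        ip = ipaddress.ip_address(ip_str.strip())
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def client_ip_naive(headers, remote_addr):
    """Vulnerable resolver: trusts the leftmost X-Forwarded-For value,
    which is whatever the client chose to send."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(headers, remote_addr):
    """Hardened resolver: start from the TCP peer and walk X-Forwarded-For
    right to left, stepping past a hop only if it is a trusted proxy.
    The first address that is not a trusted proxy is the client."""
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    current = remote_addr
    while hops:
        try:
            if ipaddress.ip_address(current) not in TRUSTED_PROXIES:
                break
        except ValueError:
            break
        current = hops.pop()
    return current


def authorised(headers, remote_addr, resolver):
    """The backend's access decision: internal clients are allowed."""
    return is_internal(resolver(headers, remote_addr))


def demo():
    """Attacker at 203.0.113.7 sends a spoofed internal source through the proxy."""
    attacker_ip = "203.0.113.7"
    proxy_ip = "192.0.2.10"
    request = {"X-Forwarded-For": "10.0.0.5"}  # spoofed by the attacker
    at_backend = proxy_forward(request, attacker_ip)
    return {
        "naive": authorised(at_backend, proxy_ip, client_ip_naive),
        "hardened": authorised(at_backend, proxy_ip, client_ip_hardened),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened resolver also ignores the header entirely when the attacker connects straight to the backend (the peer is not a trusted proxy, so no hop is peeled), and a genuinely internal client that sends no header still resolves correctly because the proxy's appended value is the rightmost one.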