Observations in Security

Michael Hyndman

Hello! I am a bug hunter and head of security for a global cyber safety company. This blog is a collection of my technical and psychological observations while navigating infosec.

Bypassing 403

A few weeks ago I came across this cool “accidental” exploit vector, which was documented about 8 years ago by IRCmaxwell and describes a way to trick servers (behind a reverse proxy or load balancer) into thinking an HTTP request which is ordinarily unauthorised is actually authorised. I read the blog post while doing some…