Cristi Vlad

Uncovering Critical Financial Bugs in a High-Profile Target - [A Pentester's Diary] (Sep 11)
In a recent pentest, I found multiple bugs that, if exploited by threat actors, could have caused significant financial damage.

Privilege Escalation to Admin through an Import Feature (Apr 25)
I usually skip the introduction when posting a writeup because I don't need to teach you what privesc or BOLA are; you can google that…

Account Takeover [It Looked Secure at First] (Feb 15)
In a recent pentest for a client, I was going through the password reset flow. You know…

Account Takeover via Weak OTP (Nov 2, 2023)
I seem to keep writing ATO posts here. I don't mind. These are cool. Some are so easily discovered that it baffles me how persistent…

The Domino Effect: How Multiple Bugs Lead to Account Takeover (Oct 13, 2023)
If you've spent sufficient time on a cybersecurity assignment so that the bigger picture falls into place, you know that some issues will…

Unauthenticated Massive PII Leak (Sep 13, 2023)
This is probably the report that I'm most proud of. On top of that, it was the lengthiest I've ever written.

Account Takeover via Email Confirmation (Jul 25, 2023)
It's the second account takeover I'm finding on a client pentest in the span of a few days. I'm not sure wth is going on…

Account (of the CEO) Takeover via Password Reset (Jul 10, 2023)
In a web app pentest for a client, I found this interesting account takeover and I thought of sharing my findings with the infosec…

Bugproof your Firmware with BugProve (Mar 30, 2023)
I guess the graphic above depicts the essence of BugProve, a recently launched European IoT security company.

Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input (Mar 1, 2023)
I know the title is a mouthful; submissions are open for better candidates. If you have one, suggest it below!