[Pinned] Serj Novoselov in InfoSec Write-ups: XSS on the OAuth callback URL with CSP bypass leading to zero-click account takeover. XSS on an OAuth callback URL; weaponizing the issue allowed zero-click account takeover. (Oct 29, 2023)
[Pinned] Serj Novoselov in InfoSec Write-ups: Attacking AWS | Common Cognito Misconfigurations. The most common Cognito misconfigurations. (Jun 8, 2023)
[Pinned] Serj Novoselov in InfoSec Write-ups: Exploiting an Incorrectly Configured Load Balancer with XSS to Steal Cookies. (Jul 13, 2023)
[Pinned] Serj Novoselov in InfoSec Write-ups: Critical Finding on a TP-Link service, or how I got $0. Plaintext user credentials were leaking. (Jun 1, 2023)
Serj Novoselov in InfoSec Write-ups: Forced SSO Session Fixation. During a recent project, I encountered an interesting small issue that allowed a one-click account takeover by fixating an SSO session. (Aug 16)
Serj Novoselov in InfoSec Write-ups: Private Interact.sh server setup with a web dashboard. Setting up your own Interact.sh server with a web dashboard for testing out-of-band interactions. (Apr 26)
Serj Novoselov in InfoSec Write-ups: XML External Entity injection with error-based data exfiltration. An in-the-wild XXE issue with error-based data exfiltration. (Jan 29)
Serj Novoselov: Exploiting vulnerabilities in LLM APIs [OS injection]. A brief write-up on the PortSwigger lab "Exploiting vulnerabilities in LLM APIs". (Jan 18)
Serj Novoselov in InfoSec Write-ups: Reverse SSH SOCKS proxy via an Alpine image. Penetration testing often involves encountering fully restricted machines within the target network. How to build a gateway inside… (Oct 29, 2023)
Serj Novoselov in InfoSec Write-ups: Understanding SSTI and Building Payloads in Jinja2. Jinja2 is a widely used template engine for Python web applications; however, it can be vulnerable to SSTI. (Sep 6, 2023)