| Attacking PowerShell CLIXML Deserialization |
|
|
|
| ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts |
|
|
|
| Exploring Anti-Phishing Measures in Microsoft 365 |
|
|
|
| Dynamics 365 Business Central - A Journey With Ups and Downs |
|
|
|
| Github Actions Exploitation: Untrusted Input |
|
|
|
| Discovering a CRLF Injection Vulnerability: My Journey into the MSRC Blog Website |
|
|
|
| Multiple vulnerabilities in Eclipse ThreadX |
|
|
|
| Old new email attacks |
|
|
|
| Lethal Injection: How We Hacked Microsoft's Healthcare Chat Bot |
|
|
|
| Hello: I’m your Domain Admin and I want to authenticate against you |
|
|
|
| Fixing Typos And Breaching Microsoft’s Perimeter |
|
|
|
| Hacking Microsoft and Wix with Keyboard Shortcuts |
|
|
|
| Device Code Phishing – Add Your Own Sign-In Methods on Entra ID |
|
|
|
| Introducing MavenGate: a supply chain attack method for Java and Android applications |
|
|
|
| Unrestricted File Upload Lead to Stored XSS at Microsoft main domain |
|
|
|
| XSS to OAuth access token leak in office online which can be used to account takeover |
|
|
|
| Entra ID Connect Arbitrary Password Overwrite |
|
|
|
| Weaponizing DHCP DNS Spoofing — A Hands-On Guide |
|
|
|
| SMTP Smuggling - Spoofing E-Mails Worldwide |
|
|
|
| Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates |
|
|
|
| It's not a Feature, It's a Vulnerability |
|
|
|
| Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3) |
|
|
|
| OAuth 2.0 Redirect URI Validation Falls Short, Literally |
|
|
|
| Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More |
|
|
|
| 38TB of data accidentally exposed by Microsoft AI researchers |
|
|
|
writeups.xyz
/
Microsoft