| Hijacking Someone Else’s DCSync |
|
|
|
| Cross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth 2.0 in Power Automate |
|
|
|
| Security Feature Bypass In ASP.NET and Visual Studio – Race Condition |
|
|
|
| Story of Clickjacking on Microsoft Leads To Privilege Escalation & Account Takeover Of Admin |
|
|
|
| AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice |
|
|
|
| Send email from anyone to any(user outlook Microsoft) |
|
|
|
| Size matters! When capital letters introduce vulnerabilities |
|
|
|
| Never Connect to RDP Servers Over Untrusted Networks |
|
|
|
| 2 XSS on Microsoft |
|
|
|
| How to avoid the aCropalypse |
|
|
|
| Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain |
|
|
|
| Microsoft Defender for Cloud Management Port Exposure Confusion |
|
|
|
| Vulnerabilities in the TPM 2.0 reference implementation code |
|
|
|
| Feeding Tasty Objects to Visual Studio's App Center SDK for Apple |
|
|
|
| Escaping well-configured VSCode extensions (for profit) |
|
|
|
| How I found DOM-Based XSS on Microsoft MSRC and How they fixed it |
|
|
|
| Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies including Microsoft, Apple, Amazon, McDonald’s and many more. |
|
|
|
| LocalPotato - When Swapping The Context Leads You To SYSTEM |
|
|
|
| Can't Wait to Shut You Down — Remote DoS Using Wininit.exe |
|
|
|
| Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI |
|
|
|
| Activation Context Cache Poisoning: Exploiting CSRSS For Privilege Escalation |
|
|
|
| Reflected XSS Leads to 3,000$ Bug Bounty Rewards from Microsoft Forms |
|
|
|
| 2022 Microsoft Teams RCE |
|
|
|
| Stored XSS vulnerability in Microsoft booking |
|
|
|
| The OWASSRF + TabShell exploit chain |
|
|
|
writeups.xyz
/
Microsoft