Uncovering a Bug I Found in Outlook: How Could an Account Has Been Compromised?
Microsoft bug reports lead to ranking on Microsoft MSRC Quarterly Leaderboard (Q3 2022)
Passwordless Persistence and Privilege Escalation in Azure
You’ve Crossed the Line — Disturbing a Host’s Rest
SysmonEoP
CertPotato – Using ADCS to privesc from virtual and network service accounts to local system
SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
Security and Privacy Failures in Popular 2FA Apps
Windows Kernel: Exploit CVE-2022-35803 in Common Log File System
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
Blind SSRF in Skype (Microsoft)
Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis
Visual Studio Code Jupyter Notebook RCE
Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
Microsoft Office Online Server Remote Code Execution
Guest Blog Post - Memory corruption vulnerabilities in Edge
Microsoft Office 365 Message Encryption Insecure Mode of Operation
$6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty
Cold Hard Cache — Bypassing RPC Interface Security with Cache Abuse
Insecure Comments
Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)