| Exploiting Arbitrary Object Instantiations in PHP without Custom Classes |
|
|
|
| PII Disclosure of Apple Users ($10k) |
|
|
|
| Exploiting vulnerabilities in iOS Application |
|
|
|
| [1/3] Brute-Force Protection Bypass @ GitLab |
|
|
|
| Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing |
|
|
|
| No Rate Limiting on OTP sending |
|
|
|
| How I was able to take over accounts in websites deal with Github as an SSO provider |
|
|
|
| Bounty Evaluation GitHub = $15,000 US Dollars | Rate Limit |
|
|
|
| How I managed to hack User accounts of a billion-dollar sport platform |
|
|
|
| How I was able to revoke your Instagram 2FA |
|
|
|
| 10 golden minutes for taking over a Chess.com account |
|
|
|
| Facebook Email/phone disclosure using Binary search |
|
|
|
| Password reset code brute-force vulnerability in AWS Cognito |
|
|
|
| OTP brute-force via rate limit bypass |
|
|
|
| How I Might Have Hacked Any Microsoft Account |
|
|
|
| An unexpected bug |
|
|
|
| BMW Bug Bounty – Account Verification Bypass writeup |
|
|
|
| My first and last crit of 2020 on Hackerone |
|
|
|
| Finding bugs on Chess.com |
|
|
|
| CVE-2020-11518: how I bruteforced my way into your Active Directory |
|
|
|
| How I bypassed 2fa in a 3 years old private program! |
|
|
|
| The 3 Day Account Takeover |
|
|
|
| Bypass 2FA like a Boss |
|
|
|
| How I managed to Escalate privilege as admin |
|
|
|
| Account Takeover via OTP Bruteforce (Apigee API) |
|
|
|
writeups.xyz
/
Bruteforce