| Escalating From Reader To Contributor In Azure API Management |
|
|
|
| Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation |
|
|
|
| Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess |
|
|
|
| Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD |
|
|
|
| UnOAuthorized: Privilege Elevation Through Microsoft Applications |
|
|
|
| Vestaboard: Exploring Broken Access Controls and Privilege Escalation |
|
|
|
| How I Earned $469 Bounty: Bypassing Plan Restriction |
|
|
|
| Escalating Privileges in Google Cloud via Open Groups |
|
|
|
| Bypass Plan Restriction & Get 350$ Bounty |
|
|
|
| ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions |
|
|
|
| Exploiting Broken Authentication Control In GraphQL |
|
|
|
| Exploiting GCP Cloud Build for Privilege Escalation |
|
|
|
| SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts |
|
|
|
| How I Discovered Authentication Bypass That Blocks Users from Accessing the Website ? |
|
|
|
| CVE-2024-27292: docAssembling exploits for RCE |
|
|
|
| Hijacking GitHub Runners To Compromise The Organization |
|
|
|
| Arbitrary 1-click Azure tenant takeover via MS application |
|
|
|
| Hello: I’m your Domain Admin and I want to authenticate against you |
|
|
|
| So I Became A Node: Exploiting Bootstrap Tokens In Azure Kubernetes Service |
|
|
|
| Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover (CVE-2024-28056) |
|
|
|
| Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations |
|
|
|
| From Discovery to Disclosure: ReCrystallize Server Vulnerabilities |
|
|
|
| Broken access control in GoAnywhere Admin portal |
|
|
|
| Hacking Terraform State for Privilege Escalation |
|
|
|
| Account Takeover [It Looked Secure at First] |
|
|
|
writeups.xyz
/
Privilege Escalation