Skip to content
  • HOME

@omespino

just another security blog.

Written by December 19, 2020January 18, 2021

WRITE UP: Google VRP N/A – Sandboxed RCE as root on Apigee API proxies

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an RCE as Root in Apigee (Google acquisition) Extracted from Google VRP’s report: (the actual Google VRP report) Summary: RCE […]

Written by October 1, 2020January 11, 2021

WRITE UP – [Google VRP Prize update] GOOGLE BUG BOUNTY: XSS to Cloud Shell instance takeover (RCE as root) – $5,000 USD

[ Update: this writeup was modified to participate in GCP VRP Prize 2020 Awards ] Introduction: Hi everyone It’s been a while since my last post (1 year w00t!) but I’m back, I want to tell you a short story about one of my last bug bounties, and how I escalated a simple XSS to […]

Written by August 27, 2019January 19, 2021

WRITE UP – Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance”

Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about why your professional background mather when you do bug bounties (in my case my job as DevOps engineer) if you know how something works, you might be able to break it. Report Summary: […]

Written by May 21, 2019January 19, 2021

WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD

Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about my greatest find so far (My first P1) It was in Google VRP program and why you can always check for dirs in 301 / 302 / 403 / 404 status pages because […]

Written by March 14, 2019January 11, 2021

WRITE UP – $1,000 USD IN 5 MINUTES, XSS STORED IN OUTLOOK.COM (IOS BROWSERS)

Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Microsoft bug bounty program and why you can always check the basic payloads because you will surprise that some times will work: SPOILER ALERT: I highly recommend Miscrosoft Bug Bounty Program, in […]

Written by December 15, 2018January 7, 2021

TUTORIAL – UNIVERSAL ANDROID SSL PINNING IN 10 MINUTES WITH FRIDA

Hi everyone It’s been a while since my last post but I’m back, now I want to show you that you can start hacking android apps with frida without pain, I took me several hours to figure out how to get the frida installation ready but at the end that wasn’t really really difficult, the […]

Written by September 7, 2018January 8, 2021

WRITE UP – LOVE STORY, FROM CLOSED AS INFORMATIVE TO $3,500 USD, XSS STORED IN YAHOO! IOS MAIL APP

Hi everyone It’s been a while since my last post but I’m back, I want to tell you a love story about Yahoo! bug bounty program that is very great because I learned a lot of lessons, so I got into Yahoo! Security Hall of Fame (2018) via Hackerone, so here we go: Report Summary (first try): […]

Written by July 16, 2018December 30, 2020

WRITE UP – TELEGRAM BUG BOUNTY – WHATSAPP N/A [“Blind” XSS Stored iOS in messengers twins, who really care about your security?]

Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about Telegram/Whatsapp bug bounty that is very great because this was my first Bitcoin bug bounty payment: [Note] the vulnerability was exactly the same so [It was accepted by Telegram but marked as N/A […]

Written by February 21, 2018December 23, 2020

WRITE UP – TWITTER BUG BOUNTY [Report of my 1st bugbounty]: “POODLE SSLv3 bug on multiple twitter smtp servers”

Hi everyone, this is very special to me, is the report for my first bug bounty ever! in 2017, so far I’ve found another bugs in platforms like Facebook and Nokia, but this one will always be my favorite because was the 1st one, so I got into Twitter Security Hall of Fame (2017) via […]

Written by February 2, 2018December 30, 2020

WRITE UP – Nokia HOF / Internal IPs disclosure

Hi everyone this is a write up about how do I got into the Nokia security Program Hall of Fame, so here we go: Note: this bug has been reported in about 10 companies and only Nokia accepted it as a valid report Do you think that internal IP disclosure is a security flaw? Share […]

Posts navigation

Older posts