research

WEBN/AMarch 2021

GOOGLE VRP N/A – SSRF BYPASS WITH QUADZERO IN GOOGLE CLOUD MONITORING

Introduction Hi everyone It’s been a while since my last post, but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to bypass some Google Cloud Monitoring protections to achieve an SSRF This blogpost appeared first in the book Bug Bounty Write Ups […]

WEBN/ADecember 2020

GOOGLE VRP N/A – SANDBOXED RCE AS ROOT ON APIGEE API PROXIES

Introduction Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an RCE as Root in Apigee (Google acquisition) This blogpost appeared first in the book Bug Bounty Write Ups Collection […]

WEB$5,000 USDOctober 2020

GOOGLE BUG BOUNTY – XSS TO CLOUD SHELL INSTANCE TAKEOVER (RCE AS ROOT) – $5,000 USD

[ Update: this writeup was modified to participate in GCP VRP Prize 2020 Awards ] Introduction Hi everyone It’s been a while since my last post (1 year w00t!) but I’m back, I want to tell you a short story about one of my last bug bounties, and how I escalated a simple XSS to […]

WEB$$,$$$ USDAugust 2019

PRIVATE BUG BOUNTY – RCE AS ROOT ON MARATHON-MESOS INSTANCE – $$,$$$ USD

IntroductionHi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about why your professional background mather when you do bug bounties (in my case my job as DevOps engineer) if you know how something works, you might be able to break it. This blogpost […]

WEB$13,337 USDMay 2019

GOOGLE BUG BOUNTY – LFI ON PRODUCTION SERVERS IN SPRINGBOARD.GOOGLE.COM – $13,337 USD

Introduction Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about my greatest find so far (My first P1) It was in Google VRP program and why you can always check for dirs in 301 / 302 / 403 / 404 status pages […]

MOBILE$1,000 USDMarch 2019

$1,000 USD, XSS STORED IN OUTLOOK.COM (IOS BROWSERS)

IntroductionHi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about the Microsoft bug bounty program and why you can always check the basic payloads because you will surprise that some times will work: SPOILER ALERT: I highly recommend Miscrosoft Bug Bounty Program, in […]

MOBILEDecember 2018

UNIVERSAL ANDROID SSL PINNING IN 10 MINUTES WITH FRIDA

IntroductionHi everyone It’s been a while since my last post but I’m back, now I want to show you that you can start hacking android apps with frida without pain, I took me several hours to figure out how to get the frida installation ready but at the end that wasn’t really really difficult, the […]

MOBILE$3,500 USDSeptember 2018

LOVE STORY, FROM CLOSED AS INFORMATIVE TO $3,500 USD, XSS STORED IN YAHOO! IOS MAIL APP

IntroductionHi everyone It’s been a while since my last post but I’m back, I want to tell you a love story about Yahoo! bug bounty program that is very great because I learned a lot of lessons, so I got into Yahoo! Security Hall of Fame (2018) via Hackerone, so here we go: This blogpost appeared first […]

MOBILE$$$ USDJuly 2018

TELEGRAM BUG BOUNTY – WHATSAPP N/A – BLIND XSS STORED IN IOS MESSENGERS

IntroductionHi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about Telegram/Whatsapp bug bounty that is very great because this was my first Bitcoin bug bounty payment: This blogpost appeared first in the book Bug Bounty Write Ups Collection [Note] the vulnerability was exactly […]

NETWORK$$$ USDFebruary 2018

TWITTER BUG BOUNTY – POODLE SSLV3 BUG ON MULTIPLE TWITTER SMTP SERVERS

IntroductionHi everyone, this is very special to me, is the report for my first bug bounty ever! in 2017, so far I’ve found another bugs in platforms like Facebook and Nokia, but this one will always be my favorite because was the 1st one, so I got into Twitter Security Hall of Fame (2017) via […]