Tag: Browser
- [$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (29 Feb 2024)
Exploring the M365 Power Platform as a means of privilege escalation and flexing control over a phishing victim's SharePoint, OneDrive, Outlook, and Microsoft Teams data.
- [$1250 - High Severity] Bypassing Browser Extension's Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (28 Aug 2023)
Bypassing the spoof geolocation feature in browser extensions to disclose the physical location of a user. I share two high-severity bugs. Bug 1 is a generic payload that works across multiple extensions, and bug 2 is an ExpressVPN-specific payload that has been patched. This post is a case study with the Location Guard & ExpressVPN extensions, my bug bounty experience, and a few takeaways that may prove insightful for others.
- Finding Vulnerabilities in an 18 Year Old MMO (12 Nov 2021)
Finding and abusing size-constrained XSS and a payment gateway bypass in an 18-year-old MMO.