Tag: BugBounty [5]

- My AI Use Cases | Retrospective (Mar 15, 2026)
  From blog re-platforming, static/taint analysis across multiple languages, and SAST tooling to AI-assisted code review: I discuss my use cases and experiences with AI.

- Hasbro | MTG Arena: TextMeshPro injection via WOTC DisplayName = 100% win rate against Desktop and iPad opponents (Nov 26, 2025)
  TextMeshPro markup injection leads to a whited-out screen.

- [$15,000 Bounty] M365 Phish: Power Platform Privilege Escalation and Pivoting (Feb 29, 2024)
  Exploring the M365 Power Platform as a means of privilege escalation and of exercising control over a phishing victim's SharePoint, OneDrive, Outlook, and Microsoft Teams data.

- [$1250 - High Severity] Bypassing Browser Extensions' Geolocation Spoofing with a Malicious Website (Location Guard & ExpressVPN) (Aug 28, 2023)
  Bypassing the spoofed-geolocation feature in browser extensions to disclose the physical location of a user. I share two high severity bugs. Bug 1 is a generic payload that works across multiple extensions, and bug 2 is an ExpressVPN-specific payload that has been patched. This post is a case study with the Location Guard & ExpressVPN extensions, my bug bounty experience, and a few takeaways that may prove insightful for others.

- Download and Sort HackerOne Hacktivity Reports Using GraphQL Introspection (Jan 12, 2022)
  HackerOne Hacktivity reports can have very useful (and interesting) content for learning how to test real systems for vulnerabilities. Unfortunately, it's impossible to sort on interesting fields such as severity and bounty from within the Hacktivity web UI. The goal of this post is to demonstrate a means of filtering/sorting HackerOne reports in an attempt to find writeups with valuable techniques, methodologies, strategies, or other interesting information.