The MOST vulnerable contracts in all DeFi just got upgraded!
⚙️ New testing env: Solidity 0.8 + Hardhat + Ethers
🌟 4 new levels
💥 New (broken) integrations with Uniswap v2, Gnosis Safe wallets, upgrades, timelocks, NFTs, and more!
damnvulnerabledefi.xyz/v2-release.html
Finally, here is the blog for the prototype pollution research we did.
"A tale of making internet pollution free"
- Exploiting Client-Side Prototype Pollution in the wild
pwn.af/research/pp
Here're slides from my talk at ZeroNights X! A 0-day for GhostScript 9.50, RCE exploit chain for ImageMagick with the default settings from Ubuntu repos and several bug bounty stories inside slideshare.net/neexemil/hotpi…
A New Attack Surface on Microsoft Exchange! The series covers most of my Black Hat USA and DEFCON talks (with slides and video inside). More articles and vulnerabilities are coming soon!
blog.orange.tw/2021/08/proxyl…
✍️ We would like to share with the community some uncommon but not unique cases from our experience. Let us know if you like this format.
✅ Stored XSS using .xbl files.
My colleague @seanyeoh wrote up his security research on H2C smuggling and the various cloud providers he successfully exploited (Cloudflare, Azure). He also released a tool called h2csmuggler! Check it out at blog.assetnote.io/2021/03/18/h2c…
I know there are lots of people waiting for the recent Microsoft Exchange pre-auth RCE on our side. This is a short advisory and detailed timeline. proxylogon.com #proxylogon
Blog post: mapping out Burp Suite's crawler. This is a deep dive into the crawler, which is at the heart of Burp Suite's capabilities, and covers the crawler's origins, its current state and plans for the future.
portswigger.net/blog/web-appli…
I'm releasing my tool that detects HTTP Request Smuggling opportunities that arise during HTTP/2 -> HTTP/1.1 conversion by the "frontend" servers: github.com/neex/http2smugl. Comments & suggestions much appreciated.
@albinowax what do you think about that?
Just when you thought JSON was the one thing you could trust. My latest research on JSON interoperability vulnerabilities highlights the risks of inconsistent parser behavior (40+ parsers) and attacks to bypass business logic in microservice architectures. labs.bishopfox.com/tech-blog/an-e…
We did some fun tricks with nginx on bug bounties a while back, and made a post about the configurations being vulnerable
labs.detectify.com/2021/02/18/mid…