Blog




Weaponizing Monster for Cookies Attacks

VSRC, 2 years ago

Summary To find the weak secret key in web applications, I used cookiemonster during pentests and scout. When a key is leaked, it can make…

Liferay revisited: A tale of 20k$

VSRC, 2 years ago

At the beginning of this year, we found an interesting exploit chain to achieve pre-auth RCE on an asset of a big Fintech company. Due to…