Home
About
Careers
Services
Penetration Testing
Application Security
Security Engineering
Posts
Contact
Posts by category
research,
07 Nov 2022 - Taking over Azure Devops Accounts and Microsoft Pipelines
azure
13 Sep 2024 - Escalating from Reader to Contributor in Azure API Management
10 Nov 2023 - Accessing Azure Kubernetes Service as Guest and Cross-Tenant
13 Jun 2023 - Exploiting the Azure Management API for App Services
07 Nov 2022 - Taking over Azure Devops Accounts and Microsoft Pipelines
bug_bounty,
10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
17 Jan 2025 - Finding SSRFs in Azure DevOps
20 Nov 2024 - Azure CLI Token Leak
05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II
13 Sep 2024 - Escalating from Reader to Contributor in Azure API Management
10 Nov 2023 - Accessing Azure Kubernetes Service as Guest and Cross-Tenant
13 Jun 2023 - Exploiting the Azure Management API for App Services
13 Apr 2023 - Why you shouldn't include secrets in Docker images, a Google Cloud case study
google
13 Apr 2023 - Why you shouldn't include secrets in Docker images, a Google Cloud case study
microsoft,
10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
17 Jan 2025 - Finding SSRFs in Azure DevOps
20 Nov 2024 - Azure CLI Token Leak
05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II
13 Sep 2024 - Escalating from Reader to Contributor in Azure API Management
10 Nov 2023 - Accessing Azure Kubernetes Service as Guest and Cross-Tenant
13 Jun 2023 - Exploiting the Azure Management API for App Services
azure,
10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
17 Jan 2025 - Finding SSRFs in Azure DevOps
20 Nov 2024 - Azure CLI Token Leak
05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II
APIM
05 Nov 2024 - Escalating from Reader to Contributor in Azure API Management pt II
ACR
20 Nov 2024 - Azure CLI Token Leak
devops
17 Jan 2025 - Finding SSRFs in Azure DevOps
.NET,
31 Jan 2025 - CRLF injection via TryAddWithoutValidation in .NET
vulnerabilities
31 Jan 2025 - CRLF injection via TryAddWithoutValidation in .NET
API
10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets
Connection
10 Mar 2025 - Azure’s Weakest Link? How API Connections Spill Secrets