Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

Intigriti Kick off 2024

Exploiting Insecure Output Handling in LLMs

Indirect Prompt Injection

Exploiting Vulnerabilities in LLM APIs

Exploiting LLM APIs with Excessive Agency

Intigriti Customer Story: Personio

Performing CSRF Exploits Over GraphQL

Misconfig Mapper - Hacker Tools

Bypassing GraphQL Brute Force Protections

Finding a Hidden GraphQL Endpoint

Accidental Exposure of Private GraphQL Fields

Accessing Private GraphQL Posts

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

Introduction to GraphQL Attacks

Aggressive Scanning in Bug Bounty (and how to avoid it)

Exploiting Server-side Parameter Pollution in a REST URL

Common Scoping Mistakes

Exploiting Server-side Parameter Pollution in a Query String

Understanding Scope, Ethics and Code of Conduct (CoC)

Exploiting a Mass Assignment Vulnerability

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

Finding and Exploiting an Unused API Endpoint

Exploiting an API Endpoint using Documentation

Web Shell Upload via Race Condition

DOM Clobbering, CSPP (axios) and XSS - Unintended Solutions to January '24 Challenge

Exploiting Time-sensitive Vulnerabilities

Intigriti Customer Story: Microsoft

Partial Construction Race Conditions