Blog Posts
-
Zero-Click RCE: How an AI Coding Agent’s Local Web Server Became a Remote Attack Surface
Disclaimer: Throughout this post, we use the fictional company name “Acme, Inc” and product name “TrustMe AI” as aliases. We are not permitted to reveal the real company or product names. Any resemblance to actual company or product names is purely coincidental. TL;DR A popular AI coding agent quietly spins up a local web server…
-
Chaining Method Override and CSRF Vulnerabilities for Account Takeover
As a security researcher, uncovering vulnerabilities that could potentially lead to severe security breaches is both challenging and rewarding. In this post, I will discuss a fascinating case involving method override and Cross-Site Request Forgery (CSRF) vulnerabilities, which could lead to an account takeover. Please note…
-
Attacking weak password reset implementation
In this blog post, I detail how I uncovered a critical vulnerability in a popular online service’s password reset feature. Due to poor password reset implementation practices, I was able to gain unauthorized access to user accounts. In this research, I will lay out the thought process from a hacker’s perspective to achieve an account…
