Cases

Security Cases

Real-world vulnerability research and attack chain walkthroughs. See how single misconfigurations cascade into critical compromises.

Auth BypassCVSS 9.0critical

Mar 27, 20268 min read

The Login Link That Let Anyone In

The platform sent login links by email. Each link contained a token. The problem was the application accepted that token from the URL and bound it to whoever authenticated next — which meant an attacker who knew the token could wait for any user to log in and immediately inherit their session.

Read case

Otherinformational

Mar 25, 20268 min read

What Goes Into a Security Assessment: From Reconnaissance to Remediation

A detailed look at how we conduct security assessments — from initial reconnaissance through manual exploitation to delivering actionable remediation reports.

Read case

Auth BypassCVSS 9.1critical

Mar 24, 20264 min read

The Trusted Email That Wasn't

A legitimate password reset email — SPF passed, DKIM valid, sender verified. But the link inside pointed to an attacker's domain. One HTTP header turned a routine email into a full account takeover.

Read case

IDORCVSS 9.3critical

Mar 22, 20265 min read

Half a Billion Profiles Behind a User-Agent String

A major platform's API returned full user profiles to anyone who asked. The only barrier was a WAF that ignored mobile traffic. One header change, hundreds of millions of accounts exposed.

Read case

Auth BypassCVSS 8.6high

Mar 20, 20265 min read

The Trailing Slash That Bypassed Authentication

Adding a single character to the end of a URL turned a 401 into a 200. Not on one endpoint — on thirty, across ten microservices. One slash, an entire backend unlocked.

Read case