PinnedHow I find my first Stored XSS: 650€Introduction: Hi everyone! 🎉 My name is Filipe Azevedo, known as filipaze on the internet. This is my first write-up. 😃 How I started: During the COVID-19 pandemic with nothing to do between classes, I ventured into the world of cybersecurity and started doing bug bounties in October last year. So, let’s go to the funny part: I started the…Info Sec Writeups2 min read
Jul 27, 2021Abusing JSON Web Token to steal accounts — 3000$Hello fellow hackers! 👋 My name is Filipe Azevedo, I am a Cyber Security Researcher from Portugal. I work mainly for Intigriti and Hackerone. Today I’m going to show you a recent finding on a private program. So, let’s go to the vulnerability. What’s JWT? JWTs provide a stateless solution to…Info Sec Writeups2 min read
Jun 18, 2021CSRF on Password ResetHi hackers! 👋 My name is Filipe Azevedo and in this post, I’m going to talk about a CSRF that I recently found on a private program on HackerOne. For obvious reasons let’s call it example.com. What is CSRF? Cross site request forgery (CSRF), is an attack that tricks a…Info Sec Writeups2 min read
