Github CFOR Walkthrough

Cross-Fork Object References (CFORs) are a feature of how GitHub works, but they can result in information leaks. Build a replica of GitHub to investigate further.

November 7, 2024 · Sam Burns

HackerOne Automated Target Enumeration

The HackerOne bug bounty platform is the largest one to have its own researcher API. The ability to retrieve a list of in-scope targets creates the possibility for large-scale vulnerability scanning.

April 14, 2024 · Sam Burns

DNS Exfiltration

DNS exfiltration gets data off a compromised machine by hiding it in DNS lookups. During security research, using DNS for exfiltration may help circumvent security restrictions or avoid detection.

April 13, 2024 · Sam Burns