Marcin Niemiec | Azure subscription security review | Lately I have come across a task to perform a security review of an Azure subscription. It was white-box based and I had access to all terraform… | Feb 1, 2021
Marcin Niemiec | Hacking SpEL — part 1 | This story will explain how to find and exploit a SpEL parser in web applications based on the Java language. | Jul 17, 2020
Marcin Niemiec | From . in regex to SSRF — part 3 | This is the last part of my stories about exploiting a service with an SSRF bug. Part 1 is available here, and part 2 here. | Jul 7, 2020
Marcin Niemiec | From . in regex to SSRF — part 2 | In this story I will continue my journey to exploit Server Side Request Forgery (SSRF). Part 1 is available here. | Jun 14, 2020
Marcin Niemiec | From . in regex to SSRF — part 1 | In a test of one application I have encountered a bug in a regex that led to SSRF. The way of finding it was huge fun and excitement… | Jun 5, 2020