Marcin NiemiecAzure subscription security reviewLately I have come across task to perform security review of Azure subscription. It was white-box based and I had access to all terraform…4 min read·Feb 1, 2021----
Marcin NiemiecHacking SpEL — part 1This story will explain how to find and exploit SpEL parser in web applications based on Java language.3 min read·Jul 17, 2020----
Marcin NiemiecFrom . in regex to SSRF — part 3This is last part of my stories about exploiting service with SSRF bug. Part 1 is available here, and part 2 here.3 min read·Jul 7, 2020--1--1
Marcin NiemiecFrom . in regex to SSRF — part 2In this story I will continue my journey to exploit Server Side Request Forgery (SSRF). Part 1 is available here.3 min read·Jun 14, 2020----
Marcin NiemiecFrom . in regex to SSRF — part 1In test of one application I have encountered bug in regex that leaded to SSRF. Way of finding it was huge fun and excitement…3 min read·Jun 5, 2020----