Blogs
May 2025
Authorization Code Interception via Open Redirect in an AWS Cognito OAuth Flow
A practical account takeover chain that abuses a public OAuth client and an open redirect in the SSO callback to intercept authorization codes mid-flight, without touching the victim's password.
oauth
aws-cognito
account-takeover
token-leak
May 2025
From Zero to Admin via GraphQL & BFLA
A full account takeover chain that starts with unauthenticated GraphQL introspection, moves through OTP exposure and privilege escalation via Broken Function Level Authorization, and ends with admin API key extraction.
graphql
bfla
account-takeover
web
May 26, 2025
Compromising an Azure Tenant via XXE OOB and web.config Exfiltration
azure
xxe
cloud-security
pentest