Komodo ResearchSep 10, 20193 minAn Accidental SSRF Honeypot in Google CalendarThis is a story of what both I and Google engineers considered to be an SSRF vulnerability in Google Calendar – but turned out to be some...
Komodo ResearchMay 15, 20194 minIs MIME Sniffing XSS a real thing? [The story of weird Google bug bounties]Let’s start at the end. This one got me seriously confused. It all started a few months ago when a colleague was hacking away at some...
Komodo ResearchMar 25, 20193 minGoogle Groups Authorization Bypass / $500 bountyTl;dr: I’ve recently been playing around with Google services, poking here and there for security vulnerabilities. It’s been a quite a...
Komodo ResearchMay 17, 20185 min THE ARMY OF THE HEADLESS BROWSERSHow Facebook infrastructure can be used to perform DDoS. As a penetration tester, examining proprietary applications and repeatedly...