Data
Atom.io Misconfiguration Allowed Code Execution on Untrusted Networks
Developers have become an increasingly valuable target to compromise in recent years. The DevOps movement means they have more access to production, not to mention the plethora of source code and keys that you are likely to find.
Brilliant Hire Exposure No Bounty
During security research a few years back, I discovered an exposure on SAP’s BrilliantHire API - an exposed Node.js debugger instance that provided full remote code execution capabilities and access to sensitive AWS credentials, database encryption keys, and production source code. The finding highlights how a simple misconfiguration can lead to complete system compromise.