CyberSecurity Revolution
In this video, I have tried my best to explain the Request Smuggling attack by first explaining how a server handles HTTP requests based on Content-Length and Transfer-Encoding Headers. I will soon follow up with
Continue reading
This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …
Continue reading
Have you ever come across this header:
Content-Type: application/x-protobuf
Read on to know what it means and what are possible attack scenarios.
Continue readingBadBotHoneypotEndpoint is used by AWS customers who do not want bots, unauthorised spiders and scrapers to scan their site. It works by blacklisting IP addresses of such bots. I discovered a vulnerability with this endpoint that could allow an attacker to blacklist random IPs.
Continue readingThis is the story of a juvenile SSRF bug who did know it had the potential to look at AWS secrets. 😮
Continue reading
Hey There, I am Amey Anekar - Cyber Security Specialist with a passion for solving security problems even when resources are limited. I've been fortunate to develop a knack for gauging an organization's cyber security posture and helping them plan a transition towards becoming more resilient in the face of cyber threats. It's a privilege to be able to contribute to the field and assist organizations in safeguarding their digital assets. Get In Touch