Memorable Client Findings

  • Access control flaw + IDOR = DoS in shopping cart application :money_with_wings::shopping_cart:
  • WAF Bypass via client auto-generated email led to SQLi by mentor :mailbox_with_mail::syringe:
  • Wordpress plugin SSRF to AWS metadata endpoint -> AWS creds leak :satellite::old_key:
  • Reflected XSS on popular website prod UAT -> bypass via HTML encoding :currency_exchange::boom:

Work Changes

  • HackLabs + Pure Hacking + Securus Global ~> PS+C Security
  • Shortly after, they then rebranded as Pure Security
    • Some people have three emails :joy:
  • The office finally relocated to North Sydney
    • My transport time is now 40mins instead of almost 2h

First Business Trip

Out of pure luck I was selected to go overseas on-site for a Web Application test. Most tests can be done remotely but this client is particular doing it on-site so myself and a senior consultant @DzL went to Singapore :singapore:



It was a super great experience and I can’t really complain:

  • All flights and hotel expenses paid, transport reimbursed
  • Got a daily allowance of $125 per working day
  • Was a five day trip with two days weekend (to enjoy)
  • Client was kind enough to put hotel 10mins walk away from site

Friends come and go

  • Unfortunately @Tophat has left the company to seek greener pastures.
    He will be missed :cry::tophat::coffee::computer:
  • The new intern @p1g is joining the company after the new years break.:pig:

Hacker culture