Memorable Client Findings
- On a Mobile App Pentest, I found a critical-risk vulnerability even before logging in. The infrastructure was a CloudFront WAF in front of a Jetty webserver. I was able to leverage URL parser differential behaviour to bypass blocks on a certain path and gain access to sensitive data in webserver logs. Thanks PTSwarm!
- Wrote a quick and dirty Burp Suite plugin on an API pentest to calculate an HMAC header so that dynamic changes to API requests could be made (i.e. Intruder, Active Scan) instead of relying on manual recalculation.
- On a Drupal brochureware site pentest, I discovered a high-risk misconfiguration issue by directory bruteforcing: any unauthenticated user could create, update and delete menu link items, which could easily lead to website defacement.
- Evilgophish setup on an AiTM phishing engagement: updated an existing M365 phishlet to support mobile devices, leading to many mobile users falling into the trap. The phishlet only required a one-line addition, which was for a special device subdomain that was extra for mobile apps compared to the default browser-experience phishlet.
- Performed my third SCR engagement on a C# application built on top of Episerver/Optimizely PaaS. It was great fun, and taught me the nuances of spotting bad stuff not only in language constructs but also in how the framework options are used (looking for footguns).
Work Changes
Research
- Found Clipbucket CVEs
- Found more CVEs ???