DREHSEC IT Security&Research
  • Blog
  • DREHSEC IT Security&Research
  • dreher.in
  • meme.drehsec.tk

RFC3966: Parsing phone numbers is hard :D

  • Christopher Bleckmann-Dreher

Christopher Bleckmann-Dreher

17 Dec 2022

Did you know you can hide your payloads in phone numbers? ☎️😱
RFC3966 specifies parameters for valid phone numbers that can contain characters. @securinti discovered that popular libraries are vulnerable and that it can lead to XSS and even ATO!πŸ”₯#BugBountyTips #NahamCon2022EU pic.twitter.com/tNUVyZu7Oz

— INTIGRITI (@intigriti) December 17, 2022

πŸ’€ Owning a Cloud Dashboard: A Walkthrough of How Our Autonomous BugBounty Agent Exploited a Live Grafana Instance

When you're hunting bugs at scale, automation isn't a luxury β€” it's a necessity. In this write-up, I’ll walk you through one of our BugBounty Agent’s recent wins: the successful exploitation of an unsecured Grafana monitoring portal that exposed sensitive Azure credentials and
16 Apr 2025 8 min read

AI Pentest Companion

Building an AI-Powered Pentest Companion App that integrates Burp Suite's tools to assist pentesters during real-time assessments can significantly enhance productivity and efficiency. Below is an outline of how Burp Suite tools can be utilized within such an app, with relevant examples of practical implementations: 1. Proxy and
06 Apr 2025 3 min read
πŸ“Š Exciting Weekend Project Reveal: wpad.je Tracker 🌐

πŸ“Š Exciting Weekend Project Reveal: wpad.je Tracker 🌐

πŸš€ I'm thrilled to share the results of my latest weekend project: the wpad.je Tracker! This innovative tool provides fascinating insights into web traffic patterns and proxy usage. https://wpad.je πŸ–₯️ Top Stats After Just One Weekend: 273 requests from a single IP (99.65.78.*) 463 requests
20 Oct 2024 1 min read
DREHSEC IT Security&Research © 2025
  • memegen docs
Powered by Ghost