bugbounty - ZeroSec - Adventures In Information Security

Reviving and Refactoring DNS Enum

I have been using Lepus for a number of years as it is one of the better subdomain enumeration tools. I integrated some of the lessons learned from DNS Queue [https://github.com/

Leveraging Expression Language Injection (EL Injection) for RCE

Apr 6, 2019 3 min read bugbounty injection hacking

Expression Language injection or EL Injection for short is an attack vector I'd never heard of until recently. This post talks about leveraging EL for RCE.

NMAP Tips: RTFM?

Mar 9, 2019 17 min read ltr101 basics bugbounty Getting Started hacking

NMAP TL;DR It's a tool used for portscanning and this post will explore some of the common and useful flags that can be used while scanning to pick up usful information about

LTR101: My First CloudFront Domain Takeover/Hijack

Oct 10, 2017 6 min read weekend writeup learning bugbounty ltr101

Update 2021/2022: This technique no longer works for Subdomain Hijacking as Amazon have patched it. The only way to hijack the subdomain is if you have control over DNS for the domain

May the Shells be with You - A Star Wars RCE Adventure!

Jul 22, 2017 7 min read bugbounty RCE learning hacking

Intro Continuing the non-ltr101 [https://blog.zsec.uk/tag/ltr101/] posts for a second here is a quick write-up of a cool bug I found recently on a bounty program. It features Remote