Posts by samwcyo

Hacking Millions of Modems (and Investigating Who Hacked My Modem)

June 3, 2024

Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform

August 3, 2023

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

January 3, 2023

Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library

September 21, 2022

Hacking Chess.com and Accessing 50 Million Customer Records

December 16, 2020

We Hacked Apple for 3 Months: Here’s What We Found

October 7, 2020

Hacking Starbucks and Accessing Nearly 100 Million Customer Records

June 20, 2020

Don't Force Yourself to Become a Bug Bounty Hunter

May 11, 2020

Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts

April 19, 2020

Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty

November 1, 2019

Analysis of CVE-2019-14994 - Jira Service Desk Path Traversal leads to Massive Information Disclosure

September 26, 2019

Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program

July 14, 2019

Reading ASP secrets for $17,000

December 17, 2018

The $12,000 Intersection between Clickjacking, XSS, and Denial of Service

July 4, 2018

Hacking a Massive Steam Scamming and Phishing Operation for Fun and Profit

May 9, 2018

Exploiting Directory Traversal to View Customer Credit Card Information on Yahoo's Small Business Platform

November 10, 2017

How I gained access to chef, docker, AWS, and MongoDB instances in a single request

August 3, 2017

Permanent account takeover on Yahoo's Small Business platform

June 25, 2017

How I could've taken over the production server of a Yahoo acquisition through command injection

June 4, 2017

Eradicating image authentication injection from the entire internet

May 10, 2017

How I stole the identity of every Yahoo user

May 9, 2017