On Apache Flink dashboards

I've recently come across an interesting misconfiguration. This is regarding Apache Flink. What is Flink? Flink is a framework for processing data streams. It runs on port 8081 by default. What are data streams? Per the Flink documentation: Any kind of data is produced as a stream of events. Credit…

BSides Dublin CTF

This is my account of my first CTF. It started at 10:30am or so. Having had no previous experience with CTFs, this CTF really hooked me into the world of competitive hacking. I'll only be talking about the problems I solved here. I ended up in 27th…

On Exposed Jira Dashboards

While doing my own research recently, I discovered exposed Jira dashboards for several companies. While there is no guarantee that those companies own those dashboards, it is a reasonably safe assumption to make. Circle K: https://circlek.atlassian.net/jira/filters?searchName=&Search=Search&filterView=search Waterstones: https:…

January 2021 - My first bounty

The first bounty is a milestone that many hope to hit. It marks the starting line for a lot of bug bounty hunters today. Mine was interesting. For privacy's sake, I won't disclose the company. My first bug was an IDOR. IDOR stands for Insecure Direct Object Reference - that…