Automatically recover Firebase Remote Config information in Android apps

Firebase Remote Config is a service that allows developers to host and easily modify settings for their mobiles apps. It’s not supposed to be secret information and it’s not designed to be private, however automating the recovery of Firebase Remote Config is very easy and can reveal some details about the application’s inner workings. You can even get lucky and find secrets that should have never been there in the first place (I once saw AWS credentials!).

read more

Intigriti XSS Challenge 2 and how I lost time to a bad assumption

Intigriti is once again offering us an XSS challenge. The first one had cryptic code and a complicated setup between the page and an iframe, but this time around the code is rather straight-forward. Let’s see if that makes the challenge easier. ;)

read more

Intigriti XSS Challenge - Solution and problem solving approach

Intigriti released a fun little XSS challenge that required to craft a special URL that would be both used to assign an iframe’s src as well as being sent to an eval call to pop an alert(document.domain) - which was the objective of the challenge. But how do we get there? Let’s take a step back and walk our way through it.

read more

Yet another $50M CTF writeup!

This is my writeup for the $50M CTF by HackerOne. This was my first proper CTF and I don’t have much experience in the bug bounty world either so everything was new from the beginning to the end, including the report-writing part. What I went for in this report was more of a “bug report to a program” style and not “blog for an audience” style. Everything was not as straightforward as the report suggests, I’ll add some notes to give more context here and there. In hindsight my report was probably way too “straightforward” and lacks a lot of details about how I actually worked to come to all those conclusions. I’ll be better next time!

read more