Combining host header injection and lax host parsing serving malicious data

labsdetectify

TL;DR: There used to be a bug in Internet Explorer that allowed attackers to force victims to send requests with malformed Host headers. File Descriptor used it to steal GitHub OAuth tokens, and we used it to confuse Heroku and Fastly’s host routing into serving our content on their customers’ domains. Fastly and Heroku have since patched the issue on their side.

The story of EV-SSL, AWS and trailing dot domains

labsdetectify

What HPKP is but isn't

labsdetectify

7 tools that have influenced the reversing community

labsdetectify

Fusion Challenges - level02 Write-up

labsdetectify

Slack bot token leakage exposing business critical information

labsdetectify