Another yet quick blog post. A few years ago, 3 or 4, maybe 5, I was "working" with @marcioalm  in a "Simple Web Vulnerability Scanner" tool intended to be part of an automation vulnerability check for a large and specific environment. Keep in mind that adventure was before the release

Time to "leak" this old (but gold) pre-auth RCE affecting some of the Red Hat products. As stated by @joaomatosf this is an old but gold vulnerability found by himself and shared in two distinct security conference in Brazil, this vulnerability was part of a training he gave alongside with

Some time ago, many months ago to be accurate, during an engagement I found a way to gain root privileges in a RSA Authentication Manager server. It started from a non-authenticated point-of-view, by exploiting a Weblogic RCE vulnerability (CVE-2019-2725) which at the time, the fix was already available. BTW many

This will be a short blog post and the first writing about Bug Bounties, I'm trying to get more involved into this matter and I'm  hunting on my spare time and 90% of the time on Synack. Early this month I got invited to a private bug bounty program running