A Glossary of Blind SSRF Chains

 

Finding Hidden Files and Folders on IIS using BigQuery

 

Hacking on Bug Bounties for Four Years

Taking over Azure DevOps Accounts with 1 Click

When performing subdomain takeovers, you should be asking yourself, what is the impact, and how do I prove it? This was especially the case when taking over the subdomain project-cascade.visualstudio.com.