Reverse Account Takeover via Email Rebinding Causing Forced Privilege De-Escalation
When we talk about account takeover, we usually imagine a familiar story: an attacker steals credentials, hijacks a session, or abuses password reset flows to log in as someone else. This write-up is about something more subtle — and arguably more da...
Jan 16, 2026 · 4 min read

Mass Account takeover by bypassing 2 FA
Hey fellow hackers, I'm not gonna bore you with a long story of this pentest project. Last month I was working on a Pen-testing project and I found multiple critical & high vulnerabilities and I'll cover the interesting findings only. I won't share t...
Jan 31, 2023 · 2 min read