Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

How We Broke Exchanges: A Deep Dive Into Authentication And Client-Side Bugs

OtterSec
  • A common OAuth misconfiguration is allowlisting localhost for development purposes. If that entry is left enabled in production, a malicious application running on the user's device can steal OAuth authorization codes by having the redirect delivered to itself. The same issue can appear with CORS.