Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Session Cookie IDOR - 196

Zondu | hackerone | Posted 5 Years Ago
  • The session cookie turned out to be deterministic. Essentially, its value combined a deterministic userID with a random value. However, the random value was not checked...
  • This led to easy account takeovers by brute-forcing a list of userIDs.