Blog
Content Stats
541 📺
11th August 2024
#buildwithgemini Project for Gemini API Developer Competition. Mobile Game coming soon to Android and iOS. Twitter: @pulik_io
104 📺
2nd May 2024
TableByAI is a project made for Google AI Hackathon (https://googleai.devpost.com/). Collect data with files - images, videos, audio and more... Simply upload your file to TableByAI and see how AI creates records for you ✨ Created by Aleksandra Marciniak (Ola) and Maciej Pulikowski. Twitter: https://twitter.com/pulik_io GitHub: https://github.com/Puliczek LinkedIn: https://www.linkedin.com/in/maciej-pulikowski-6a478512a/
860 ⭐
14th July 2022
List of secrets, passwords, API keys and tokens stored inside system environment variables.
8,634 📺
19th March 2022
[P1][HIGH] CVE-2021-21123 | Reward: $10.000 | Reported by: Maciej Pulikowski ( pulik.io ) Write-up and code proof of concept: https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera Keep it safe! Thanks to Google Dev Team for the fixes. In conclusion, a user holding the ENTER key on the keyboard for 2 seconds could leak their system environment variables. This is a significant problem because users could store important secrets in system environment variables, e.g. access to their AWS services, GitHub account or Binance. #bugbounty #bugbountytips #cybersecurity
326 ⭐
19th March 2022
Successful exploitation of this vulnerability can lead to the leak of users' secrets stored inside system environment variables. The security bug was found in Chromium version 92 and patched in version 97. There are several web browsers based on the Chromium engine, for instance Google Chrome, Microsoft Edge, Opera, and Brave. All of them were vulnerable, except for Brave. The vulnerability is in the File System Access API, more specifically in the window.showSaveFilePicker() method.
932 ⭐
18th December 2021
LOG4J Java exploit - WAF and patches bypass tricks
164 ⭐
22nd March 2021
The main security issue here is that the operating system "Save as" dialog launched by Google Chrome shows the user the wrong file extension for the downloaded file. It shows "Save as type: JPEG (.jpg)" but downloads virus.jpg.lnk, which can download and run virus.exe via PowerShell.
22,829 📺
20th March 2021
Code PoC can be found here: https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome File System Access API - vulnerabilities found by Maciej Pulikowski ( pulik.io ). This is my first video on YouTube 🤩 So sorry for the weak video edit. Keep it safe! Thanks to Google Dev Team for the fixes. The total reward of $5.000 is for: (Google Security_Severity) CVE: [HIGH] CVE-2021-21123, [MEDIUM] CVE-2021-21129, [MEDIUM] CVE-2021-21130, [MEDIUM] CVE-2021-21131, [MEDIUM] CVE-2021-21172, [LOW] CVE-2021-21141. Discord: Puliczek(hash)5549