
Blog

📈 Content Stats

750 ⭐

Awesome list of secrets in environment variables

14th July 2022

awesome-list cybersecurity secrets

List of secrets, passwords, API keys and tokens stored in system environment variables.

6,796 📺

19th March 2022

video security

[P1][HIGH] CVE-2021-21123 | Reward: $10.000 | Reported by: Maciej Pulikowski ( pulik.io )

Write-up and code proof of concept: https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

Keep it safe! Thanks to Google Dev Team for the fixes 😊

In conclusion, a user holding the ENTER key on the keyboard for 2 seconds could leak their system environment variables. This is a significant problem because users may store important secrets in system environment variables, e.g. access to their AWS services, GitHub account or Binance.

🐦 Twitter: https://twitter.com/pulik_io
🐈 GitHub: https://github.com/Puliczek
ℹ️ LinkedIn: https://www.linkedin.com/in/maciej-pulikowski-6a478512a/

#bugbounty #bugbountytips #cybersecurity

294 ⭐

19th March 2022

write-up cybersecurity google microsoft

Successful exploitation of this vulnerability can leak users' secrets stored in system environment variables. The security bug was found in Chromium version 92 and patched in version 97. Several web browsers are based on the Chromium engine, for instance Google Chrome, Microsoft Edge, Opera, and Brave. All of them were vulnerable, except for Brave. The vulnerability is in the File System Access API, more specifically in the window.showSaveFilePicker() method.

849 ⭐

18th December 2021

cybersecurity log4j java

LOG4J Java exploit - WAF and patches bypass tricks

156 ⭐

22nd March 2021

write-up cybersecurity google microsoft

The main security issue here is that the operating system "Save as" dialog launched by Google Chrome shows the user the wrong file extension for the downloaded file. It shows "Save as type: JPEG (.jpg)" but downloads virus.jpg.lnk, which can download and run virus.exe via PowerShell.

21,530 📺

20th March 2021

video security

Code PoC can be found here: https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

File System Access API - vulnerabilities found by Maciej Pulikowski ( pulik.io )

This is my first video on YouTube 🤩 So sorry for the weak video edit 😊

Keep it safe! Thanks to Google Dev Team for the fixes 😊

The total reward of $5.000 is for: (Google Security_Severity) CVE
[HIGH] CVE-2021-21123
[MEDIUM] CVE-2021-21129
[MEDIUM] CVE-2021-21130
[MEDIUM] CVE-2021-21131
[MEDIUM] CVE-2021-21172
[LOW] CVE-2021-21141

🐦 Twitter: https://twitter.com/pulik_io
🐈 GitHub: https://github.com/Puliczek
ℹ️ LinkedIn: https://www.linkedin.com/in/maciej-pulikowski-6a478512a/
📞 Discord: Puliczek(hash)5549

#bugbounty #bugbountytips #cybersecurity

Coffee Break by Pyrosion https://soundcloud.com/pyrosion
Creative Commons — Attribution 3.0 Unported — CC BY 3.0
Free Download / Stream: http://bit.ly/-coffee-break
Music promoted by Audio Library https://youtu.be/SCaVppohv88

1st January 2021

My first post in MDX