Tag: auth bypass

Everything I’ve published, in one feed.

2 posts across writeups, research, and technical deep-dives.
2026.02.07
Tags: 0day, SSRF, XXE

Enketo 6.2.1 - Auth-Bypass, SSRF, and XXE Browser Abuse to File Read

This article is the result of an OffenSkill Training. It discusses an unauthenticated arbitrary file read vulnerability found in the Enketo software, a web survey manager. The vulnerability, found during a white-box code review session, allows an unauthenticated attacker to read any arbitrary file on the server by chaining an auth bypass, SSRF, XXE in SVG, and browser abuses.

10 min read
2025.09.21
Tags: CTF, Web Security, JWT

Amazon AppSec CTF: HalCrypto

Executive Summary
Challenge: HalCrypto
Category: Web Security
Vulnerability: JWT validation bypass via URL confusion with @ symbol
Impact: Authentication bypass …

6 min read