Rohan.exe🖤
roohaan.bsky.social
Bugbounty Hunter | Security Engineer
Reposted by Rohan.exe🖤
When I condense nine months of research discoveries into a 40-min talk, it can make it seem easy. For a taster of the true experience, watch my battle to solve the 0-CL @WebSecAcademy lab! Research is persistence.
www.youtube.com/live/B7p8dIB...
Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle
YouTube video by Off By One Security
August 21, 2025 at 2:43 PM
Reposted by Rohan.exe🖤
No polyglots or tricks, just the basics for now.
This will be recorded and available publicly later.
m.youtube.com/@corkami-alb...
Ange Albertini
Reverse engineering & visual documentations/presentations. Free, technical, useful.
January 2, 2025 at 7:13 PM
Reposted by Rohan.exe🖤
I posted here: lirantal.com/blog/thinkin...

would really love to hear what you think of it
Thinking Fast and Slow in Application Security
Imagine if we applied behavioral economics principles to application security methodologies and practices, what would we be able to unlock? System1 and System2, All Systems Go.
December 13, 2024 at 11:55 AM
Reposted by Rohan.exe🖤
This week we've got a rare episode that is also a bit more beginner friendly!

0xLupin (of Lupin and Holmes) and @rhynorater.bsky.social break down some of the hacker mentality that really caused some breakthrough in their hacker growth.

Check it out!
youtu.be/yxc2jVKE-jo
Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty (Ep. 99)
YouTube video by Critical Thinking - Bug Bounty Podcast
November 28, 2024 at 3:06 PM
Reposted by Rohan.exe🖤
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
November 26, 2024 at 11:57 PM
Reposted by Rohan.exe🖤
Handling Cookies is a Minefield:

Inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.

grayduck.mn/2024/11/21/h...
November 21, 2024 at 5:11 PM
Reposted by Rohan.exe🖤
If you like bounties, I highly recommend this presentation from Martin Doyhenard on novel web cache deception techniques. It comes with Web Security Academy labs too!
www.youtube.com/watch?v=70yy...
DEF CON 32 - Gotta Cache ‘em all bending the rules of web cache exploitation - Martin Doyhenard
YouTube video by DEFCONConference
November 26, 2024 at 2:33 PM