by Julien Ahrens | Thursday, September 26, 2013 | Bug Bounty
Bag the bug! I’ve reported another interesting vulnerability to the PayPal site security team in May 2013 affecting their domain www.paypaltech.com, which is in scope of the official Bug Bounty program. But this time, it’s not one of the common web...
by Julien Ahrens | Sunday, September 8, 2013 | Advisory, Exploit
Hello readers, this is my first article in a series about vulnerabilities in Watchguard products. Watchguard is a self-proclaimed NextGen Security vendor building security appliances for complete network protection. As I am working with Watchguard products for around...
by Julien Ahrens | Tuesday, August 13, 2013 | General
I am happy to announce some really awesome changes! Do you quit while you’re ahead?I’ve been blogging on Inshell.net for about 1,5 years now, and during this time I constantly received more and more positive feedbacks from different vendors, I’ve...
by Julien Ahrens | Monday, July 15, 2013 | Playground
I like puzzles, they keep your mind up2date! So I’ve just registered over at crackmes.de because it really looks like a lot of fun – and I like fun especially when it comes to reversing things. But isn’t it Off-Topic? No, because analyzing...
by Julien Ahrens | Monday, July 1, 2013 | Advisory
In early June I’ve reported several security vulnerabilities in Nullsoft’s flagship product WinAmp to the devs. I received an amazing fast answer from the WinAmp Team acknowledging all reported security vulnerabilities. Only 5 days later I’ve...
by Julien Ahrens | Saturday, June 8, 2013 | Advisory
Earlier this year, I’ve reported 7 XSS flaws on different pages of the Dutch MSN Entertainment site to the Microsoft Security Response Center (MSRC case #14103cl) and immediately received a response – not as fast as HP did previously on my HP IMC flaw...
by Julien Ahrens | Saturday, May 25, 2013 | Advisory
I’ve reported an interesting Cross-Site Scripting flaw on the official website of ICQ, the world’s probably best known and most used Cross-Platform Messaging application to the developers in February. This flaw potentially allowed an attacker to steal...
by Julien Ahrens | Sunday, May 5, 2013 | Exploit
A few weeks ago, one of my followers asked me if I can help him writing a functional exploit for the current version of the Audio Media Player by ABBS because he’s experiencing problems with successfully exploiting a NULL-byte issue. All exploits that are...
by Julien Ahrens | Wednesday, May 1, 2013 | Certifications
As you may have noticed – it went quiet on my blog in the last few weeks. I was heavily working on the challenging Offensive-Security Labs to obtain my Offensive-Security Certified Professional (OSCP) certification. AND ! Yesterday! I received the mail...
by Julien Ahrens | Saturday, April 13, 2013 | Bug Bounty
Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the domain www.paypaltech.com was affected, which provides scripts and samples used for...
