All your Azure Clouds are Belong to us

A few people asked me why I was thanked in the March 2016 Security Researchers Acknowledgements For Microsoft Online Services. They probably hoped to get a few free beers celebrating my huge bug bounty. Alas, no bug bounty, since the reported issues were not really in scope of the Microsoft Online Services »

The Curse of ModSecurity and How I found out that Hell is in Singapore (part 1)

Boring. Perfectly patched system, WordPress content management system and plugins updated. My pentest not really going anywhere. A sysadmin from hell going wayang and falsely accusing me of a site slowdown during my obligatory wpscan (wpscan is an automated tool to find security issues in a WordPress site). Wah this guy, damn »