/tags/profundis/ Recent content in Profundis on SECarius Hugo en Fri, 22 Aug 2025 00:00:00 +0000 /bugbounty/using_microsoft_sso_to_achieve_full_account_takeover/ Fri, 22 Aug 2025 00:00:00 +0000 /bugbounty/using_microsoft_sso_to_achieve_full_account_takeover/ <p>Hello there!</p> <p>This article is the second one of a series where I will share how the service I have released 2 months ago, <a href="https://profundis.io">https://profundis.io</a>, helps me every day in my bug bounty journey.</p> <p>This time, Profundis simply helped find the vulnerable asset.</p> <h1 id="finding-the-asset">Finding the asset</h1> <p>The asset was discovered after doing some sorting of my target data. The query I used was simply <code>host:*.domain.com AND title:* AND status_code:200</code>. This query makes sure there is a full working website running on the subdomain, and that this website has some interesting content (by using <code>title:*</code> which means &ldquo;there should be a title detected&rdquo;)</p> /bugbounty/how_i_found_an_rce_seconds_after_its_publication/ Thu, 21 Aug 2025 00:00:00 +0000 /bugbounty/how_i_found_an_rce_seconds_after_its_publication/ <p>Hello there!</p> <p>This article is the first one of a (probable) series where I will share how the service I have released 2 months ago, <a href="https://profundis.io">https://profundis.io</a>, helps me every day in my bug bounty journey.</p> <p>This first article will cover the basics of the alerting feature that streams domains of my bugbounty targets in real-time, allowing me to stay updated on any changes within the monitored scopes. I will cover this subject with a nice bounty I got recently for an RCE discovered thanks to this alerting feature.</p>