Latest Posts

Bypass Microsoft Teams Tenancy Permission - Edit Sent Messages

Bypass Microsoft Teams Tenancy Permission - Edit Sent Messages

Ashley King 18 Oct 2021 Microsoft

Back in December 2019 I reported a Microsoft Teams Tenancy Permission bypass that allowed a user to modify...

Read More
Abusing corporate URL shorteners

Abusing corporate URL shorteners

Ashley King 27 Jun 2021 Misc

URL shorteners are great! They allows users to turn a 200 character url into something substansially less. It's ideal for those...

Read More
Bypassing locked profile restrictions on Facebook

Bypassing locked profile restrictions on Facebook

Ashley King 02 Feb 2021 Meta

Facebook allows certain users to set their Facebook profile to be "locked". This means other users are not able to view their full profile...

Read More
Launching internal & non-exported deeplinks on Facebook

Launching internal & non-exported deeplinks on Facebook

Ashley King 28 Jan 2021 Meta

The report was submitted as a collaboration between myself and Rahul Kankrale. The split was 70% Ash & 30% Rahul. It was possible...

Read More
ShazLocate!<br> Abusing CVE-2019-8791 & CVE-2019-8792

ShazLocate!
Abusing CVE-2019-8791 & CVE-2019-8792

Ashley King 17 Jan 2021 Apple

I found a vulnerability in the popular Shazam application that allowed an attacker to steal the precise location of a user simply by clicking a...

Read More
Ability To Backdoor Facebook For Android

Ability To Backdoor Facebook For Android

Ashley King 30 Oct 2020 Meta

I found a security vulnerability in Facebook for Android which made it possible to backdoor the application. By abusing a development...

Read More