Hacking naked Akamai ARL at scale

2021-01-15 — Written by Randy Gingeleski — 2 min read
#hacks 
Trying to load arbitrary content via abandoned Akamai on 2,259 plus 1 bounty targets.
Read more →

Defeating Parler’s proprietary CAPTCHA

2021-01-11 — Written by Randy Gingeleski — 3 min read
#appsec  #botting  #hacks 
Before the now-infamous Parler social network’s disappearance, we assessed their ‘roll-your-own’ CAPTCHA.
Read more →

Goodreads - sex spam attack vector?

2020-12-20 — Written by Randy Gingeleski — 1 min read
#spam  #hacks 
Goodreads is an Amazon-owned site to track and review books. Recently I got propositioned for sex there.
Read more →

Hacking a Gmail account with the owner’s gym habits

2020-09-22 — Written by Randy Gingeleski — 3 min read
#hacks 
Researching Amenity Pass bots, I found someone had already written one… with major problems.
Read more →

How to identify in-client bot detection

2020-09-19 — Written by Randy Gingeleski — 4 min read
#appsec  #botting  #hacks 
Walking through how to clock 4 in-client bot detectors like Google reCAPTCHA and Akamai Bot Management SDK.
Read more →