Author: lcolombo
-
The Bugs We’re Planting Today
The past few years we’ve been hearing on and on about this idea that basically all of our jobs are going to be replaced by AI. If you work with code, do software engineering, or work in cybersecurity, this will immediately hit. This might sound a bit too much (albeit I’ve seen it in some…
-
On The Current AI Hype
If someone asks me what I think of the current AI hype, I should probably send him a link to this post. https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html “The reason I’m not diving head first into everything AI isn’t because I fear it or don’t understand it, it’s because I’ve already long since come to my conclusion about the technology.…
-
LFI/RFI via Email on a Healthcare Platform
A while ago I was pentesting a known healthcare platform. They allow you to login, access your medical records, download your studies, get appointments with different doctors, and so on, all managed from a profile in their systems. In one of the functionalities they offered, there was the possibility to send your medical studies via…
-
One-Click Account Takeover: From XSS to Session Token Exfiltration
On a recent pentest I was able to chain an Open Redirect + XSS to exfiltrate session tokens, only needing for a user to click on a link. Open Redirect on redirectUrl While browsing the site, I noticed that the application used a redirectUrl parameter to redirect the application to different functionalities. The parameter was present in…
-
Week in Review – #24
To revive the blog I will begin a Week in Review series, where I write some notes about my previous week doing bug bounty work, with some ideas, notes and reflections of the process and what I’ve done. I used to do bug bounty occasionally, with very good results, so now I decided to focus a lot…
Lautaro Colombo 