Firas FatnassiCross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth…This article is about a vulnerability I recently discovered in the Microsoft Power Automate Platform, which involved chaining exploits…Aug 4, 2023Aug 4, 2023
Firas FatnassiinInfoSec Write-upsA tale of 0-Click Account Takeover and 2FA Bypass.Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period. So, I had a lot of free time. Anyways…Feb 12, 2022Feb 12, 2022
Firas FatnassiinInfoSec Write-upsHow I was able to take over any account via the Password Reset Functionality.Hey, This is my first writeup and I will talk about an account takeover that I found in May on a vulnerability disclosure program. Let’s…Jun 28, 20204Jun 28, 20204