Thomas Stacey's Blog

Thomas Stacey's Blog

Follow

Follow

Thomas Stacey

2 followers

Penetration tester, security researcher and full-time Lego enthusiast. I am endlessly trying to explore and apply new (and far too complicated...) attack techniques.

Outpost24 Blog - Cross-site scripting attacks in action and how to protect against them

Mar 5, 20241 min read

Write-up In this blog post, my colleagues at Outpost24 and I walkthrough some of the wilder Cross-Site Scripting attacks we've managed to conceive...

Outpost24 Blog - Cross-site scripting attacks in action and how to protect against them

Making Web Cache Deception Critical in 30 Minutes

Dec 11, 20235 min read

Web Cache Deception, first discovered (I think...) here, is a rare attack class that enables an attacker to trick users into storing sensitive...

Making Web Cache Deception Critical in 30 Minutes

Outpost24 Blog - Hijacking Sessions using HTTP Request Smuggling

Nov 14, 20231 min read

Write-up In this blog (linked above) I walkthrough one of the most complex exploits I have created to-date resulting in application-wide session...

Outpost24 Blog - Hijacking Sessions using HTTP Request Smuggling

Outpost24 Blog - Account Takeover in Azure’s API Management Developer Portal

Nov 14, 20231 min read

Write-up In this blog (linked above) I explain how I used param-miner to discover a critical privilege escalation vulnerability in Azure's API...

Outpost24 Blog - Account Takeover in Azure’s API Management Developer Portal