A seemingly unexploitable CORS misconfiguration, overlooked for years, turned into a CSRF attack when chained with an XSS on an out-of-scope asset - all thanks to going back to the fundamentals.
SMS OTPs are often seen as a secure authentication method, but what if they aren't? In this post, I break down how I reverse-engineered an OTP mechanism, leveraged probability theory, and achieved a 32% bypass success rate—exposing weak PRNGs and poor OTP management along the way, which ultimately led to a 100% bypass success rate.