Pinned
Ian Carroll
1,860 posts
Ian Carroll
@iangcarroll
Founder at @SeatsAero. Travel/points, application security, security research, etc. bsky.app/profile/ian.sh
- In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup:
- chrome://dino 0day, brought to you by security happy hour (bug bounty pls) checkForCollision = () => false; Runner.instance_.setSpeed(50);
00:00 - 1Gbps of sustained outbound transfer on aws is about $21,000/month in us-east-1. that's it. that's the tweet.
- ARM-based macOS can run iOS apps + network traffic/cert store is tied to macOS = perfect for iOS app hacking
- About 1.5 years ago, I started Seats.aero as a fun side project to help me book better award flights with my points. To my surprise, it grew much faster than I ever expected, and ended up becoming my full-time job. As the year ends, we just hit $1.5M in ARR and now
- Yay, I was awarded a $75,000 bounty on @Hacker0x01! hackerone.com/ian #TogetherWeHitHarder Five $15,000 reports to one program using an issue that CookieMonster would catch! Not as straightforward though; CVE soon :)
- I got promoted today to Staff Security Engineer at Robinhood!
- Pretty crazy to look back on this as we just hit $8M ARR + 500k MAU! @SeatsAero is still fully bootstrapped, but I think we are going to have to hire soon. Have hit the limit on being "solo" where you start hampering your own progress. Even just support is quite difficult nowAbout 1.5 years ago, I started Seats.aero as a fun side project to help me book better award flights with my points. To my surprise, it grew much faster than I ever expected, and ended up becoming my full-time job. As the year ends, we just hit $1.5M in ARR and now
- CVE-2020-7066 is a pretty neat SSRF vector in PHP; URL parsing differences strike yet again.
- I wrote about how I exploited a bunch of outdated Apache Airflow instances in bug bounty programs and earned over $13,000 for it!
- Excited to share a small thing I've been working on: fast tooling for detecting misconfigured session implementations in web apps. CookieMonster rapidly finds misconfigured secret keys in applications using Laravel, Flask, JWTs, and more!
