How I was able to find easy P1 just by doing Recon

Data Theft in Salesforce: Manipulating Public Links

When Certificates Fail: A Story of Bypassed MFA in Remote Access

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

Part 2: From Byovdll To Arbitrary Code Execution In Lsass