Tyler Rosonke

/Tyler Rosonke

About Tyler Rosonke

Tyler is a security professional based in Omaha, Nebraska. His main area of focus is in penetration testing. He loves learning and scripting his way out of a tight spot, which makes this area of security right up his alley.

Bypassing WAFs with JSON Unicode Escape Sequences

Bypassing WAFs with JSON Unicode Escape Sequences This blog post will discuss how I was able find a blind SQL injection, analyze a WAF, find a JSON unicode escape bypass, and then automate the bypass by writing a sqlmap tamper script. SQLi Identification WAF Analysis Bypass Identification Tamper Script SQLi Identification The particular payload that [...]

By | December 20th, 2018|Categories: InfoSec, Vulnerabilities|0 Comments

JWT Hacking 101

JWT Hacking 101 As JavaScript continues its quest for world domination, JSON Web Tokens (JWTs) are becoming more and more prevalent in application security.  Many applications use them, so it has become very important for me to know as much as I can and I want to share what I’ve learned. In this blog post [...]

By | December 8th, 2017|Categories: InfoSec, Vulnerabilities|0 Comments

Referer Redirection and Its Inconspicuous Danger

Referer Redirection and Its Inconspicuous Danger Recently I noticed some peculiar behavior on web application. I observed that in certain situations, the webpage would openly redirect to the ‘Referer’ header defined in the request. In this particular instance, the web application required some data from the user to perform that page’s function. When that data was not present, [...]

By | August 23rd, 2016|Categories: InfoSec, Vulnerabilities|0 Comments