# Technical Writeups

- [Reset Password Poisoning Via Host Header Injection Lead to (ATO)](/blog/writeups/technical-writeups/reset-password-poisoning-via-host-header-injection-lead-to-ato.md): Account Takeover
- [OTP/2FA Bypasses](/blog/writeups/technical-writeups/otp-2fa-bypasses.md)
- [OTP bypasses](/blog/writeups/technical-writeups/otp-2fa-bypasses/otp-bypasses.md)
- [Lack of Authentication on the OTP Endpoint enables an attacker to brute force the Correct OTP](/blog/writeups/technical-writeups/lack-of-authentication-on-the-otp-endpoint-enables-an-attacker-to-brute-force-the-correct-otp.md)