Archives
- 18 Mar SAML roulette: the hacker always wins
- 17 Mar 🐝 Hive Five 215 - Prompt Your Way To Personal Growth
- 14 Mar [HackerNotes Ep.114] Single Page Application Hacking Playbook
- 11 Mar 🐝 Hive Five 214 - Pressing Buttons
- 07 Mar [HackerNotes Ep.113] Best Technical Takeaways from Portswigger Top 10 2024
- 03 Mar 🐝 Hive Five 213 - Agency > Intelligence
- 01 Mar [HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter
- 28 Feb The cost of Go's panic and recover
- 24 Feb 🐝 Hive Five 212 - Vibe Coding
- 21 Feb [HackerNotes Ep.111] How to Bypass DOMPurify with Kévin Mizu
- 20 Feb Shadow Repeater:AI-enhanced manual testing
- 17 Feb 🐝 Hive Five 211 - Stop Working So Hard
- 14 Feb [HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks
- 12 Feb Bee-yond the Hive: Optimal keyboard shortcuts
- 10 Feb 🐝 Hive Five 210 - We Are Destroying Software
- 08 Feb Quoting Dr. Julie Gurner: "Talent is a high-risk gift."
- 07 Feb [HackerNotes Ep. 109] Creative Recon - Alternative Techniques
- 04 Feb Top 10 web hacking techniques of 2024
- 03 Feb 🐝 Hive Five 209 - New Space
- 03 Feb [HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello
- 28 Jan Programmatic handling of CORS-configuration errors with jub0bs/cors
- 28 Jan Bypassing character blocklists with unicode overflows
- 27 Jan 🐝 Hive Five 208 - Nobody Cares
- 27 Jan [HackerNotes Ep.107] Bypassing Cross-Origin Browser Headers
- 23 Jan Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
- 22 Jan Stealing HttpOnly cookies with the cookie sandwich technique
- 20 Jan 🐝 Hive Five 207 - Brain Rot and One Man Armies
- 17 Jan [HackerNotes Ep.106] Announcing our new Co-Host...
- 13 Jan 🐝 Hive Five 206 - AI Crash Course
- 11 Jan [HackerNotes Ep.105] Best Moments of 2024 on the Pod
- 08 Jan Top 10 web hacking techniques of 2024: nominations open
- 06 Jan 🐝 Hive Five 205 - Join or die
- 05 Jan 🍯 Bee-side 204 - COBOL Jobs Domain & Browser-Based Background Removal
- 02 Jan [HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals
- 31 Dec [HackerNotes Ep.103] Getting ANSI about Unicode Normalization
- 30 Dec 🐝 Hive Five 204 - Make Change That Lasts
- 29 Dec 🍯 Bee-side 203 - AI Innovation, Dev Tools & Digital Security
- 23 Dec 🐝 Hive Five 203 - How To Live an Epic Life
- 22 Dec 🍯 Bee-side 202 - Security Tools, AI Innovation & Dev Productivity
- 20 Dec [HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix
- 16 Dec 🐝 Hive Five 202 - A Bias to Action
- 15 Dec 🍯 Bee-side 201 - Web Security Patterns, AI Integration & Growth Hacking Strategies
- 14 Dec [HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann
- 11 Dec [HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
- 04 Dec Program Manager’s Guide To Running a Successful Bug Bounty Program
- 04 Dec Bypassing WAFs with the phantom $Version cookie
- 30 Nov [HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty
- 24 Nov [HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath
- 17 Nov See you back in January
- 17 Nov [HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling
- 11 Nov [HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer
- 29 Oct New crazy payloads in the URL Validation Bypass Cheat Sheet
- 28 Oct 👩💻IW Weekly #134: Javascript Vulnerabilities, Microsoft ServiceNow Hacked, Recon Framework, Powershell on Web, Zendesk Vulnerability, Filtering Hostnames and many more…
- 23 Oct Concealing payloads in URL credentials
- 21 Oct 👩💻IW Weekly #133: Tools For Recon, Sandbox Bypass in Chromium Browser, Zendesk Vulnerability, CVE-2024-23113, SAML XPath Confusion, AI-Powered 403 Bypassers and many more…
- 14 Oct 👩💻IW Weekly #132: Account Takeover on Palo Alto Networks, SQLi Cheat Sheet, Pre-Auth SQL Injection in WhatsUp Gold, SSRF Automation, Bypassing Sanitizers using MXSS, and many more…
- 07 Oct 👩💻IW Weekly #131: ROP For Security Bypass, Ruby Class Pollution, Mobile Hacking, Reverse Engineering, Hacking Websites With ZIP Files and many more…
- 30 Sep 👩💻IW Weekly #130: Hacking Trello Board Instances, Hacker Mentality, Regex, Google Dorks, CodeQL Fundamentals and many more…
- 23 Sep 👩💻IW Weekly #129: Google VRP Blog, CVE-2024-29847 Exploit, Hotstar Hacked, Bug Bounty Tips, OSINT Explained, and many more…
- 20 Sep Hacking Kia: Remotely Controlling Cars With Just a License Plate
- 16 Sep 👩💻IW Weekly #128: Bug Bounty, Cloud Dorking, Asset Discovery, Reconnaissance,Vulnerabilities in the Kakadu JPEG 2000 and in Azure DevOps,VPN Cookies Hijacking, and many more…
- 09 Sep 👩💻IW Weekly #127: Nanocore Obfuscation, Code Protection Bypass, Gmail HTML Injection, Remote Code Execution, X-Correlation Injection Research, and many more…
- 03 Sep Introducing the URL validation bypass cheat sheet
- 02 Sep 👩💻IW Weekly #126: Bypassing Airport Security, XSS on Netlify’s Image CDN, Frans Rosén’s X-Correlation Research, Prompt Injection on Microsoft Copilot, Type Confusion Flaw in Chrome, and many more…
- 26 Aug 👩💻IW Weekly #125: AWS ALBeast Vulnerability, SSRF Bug In Microsoft’s Copilot Studio, Cache Misconfiguration Exploit, Web Caching, DEF CON 32, Game Hacking, and many more…
- 19 Aug 👩💻IW Weekly #124: XSS WAF Bypass, Google and Github Dorks, XSS via CSPT, Bug Hunting Methodology, and many more…
- 12 Aug 👩💻IW Weekly #123: Web Timing Attacks, Confusion Attacks, LUCI AuthDB Leak, LHEs vs Pwn2Owns, Reverse Engineering 101 and many more…
- 08 Aug Gotta cache 'em all: bending the rules of web cache exploitation
- 07 Aug Splitting the email atom: exploiting parsers to bypass access controls
- 07 Aug Listen to the whispers: web timing attacks that actually work
- 05 Aug 👩💻IW Weekly #122: SSRF, Password Reset Vulnerability, XSS in Hotjar, Single-Packet Attack, WhatsApp Desktop Code Execution, Business Logic Errors and many more…
- 29 Jul 👩💻IW Weekly #121: RCE on Kafka UI, $2000 Bounty, Advanced SQL Injection Techniques, AWS Cognito Misconfigurations, Payment Bypass, and many more…
- 22 Jul 👩💻IW Weekly #120: Mass Request Smuggling, 1000$ Open Redirect, CSS Injection, Jupyter Auth Token Leak, CrowdStrike Issue and many more...
- 15 Jul 👩💻IW Weekly #119: Universal Code Execution, Evernote RCE, Multiple ServiceNow CVEs, Escalating XSS Using Password Managers, DOMPurify Bug, CSS Injections and many more…
- 09 Jul Fickle PDFs: exploiting browser rendering discrepancies
- 08 Jul 👩💻IW Weekly #118: Server-Side Request Forgery, Malware Development, IDOR, Match and Replace, Cache Deception and many more…
- 07 Jul Universal Code Execution by Chaining Messages in Browser Extensions
- 02 Jul A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA
- 01 Jul 👩💻IW Weekly #117: API Hacking, Hacking Large Corporations, CrushFTP Exploit, NextJS & Cache Poisoning, Prototype Pollution, Nested Deserialization and many more…
- 24 Jun 👩💻IW Weekly #116: GitHub Copilot Prompt Injection, r2frida for iOS Runtime Manipulation, Data Exfiltration from Restricted Environment, iOS URL Scheme Hijacking and many more…
- 17 Jun 👩💻IW Weekly #115: Abusing Auto-Mail Responders, $25,000 Github Takeover, AI in Bug Hunting, RCE on Tenda AC8 Router, GraphQL Hacking and many more…
- 11 Jun onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
- 10 Jun 👩💻IW Weekly #114: 4-Step Bug Hunting Methodology, CVE-2024-4358, Reflector, Bypass SSL Pinning, GraphQL API Vulnerabilities and many more…
- 03 Jun 👩💻IW Weekly #113: Subdomain Takeovers to Credential Leaks, Stored XSS to RCE, VSCode SFTP File Exposure, $203K Bounties for Bugs in Azure Health Bot and many more…
- 03 Jun Hacking Millions of Modems (and Investigating Who Hacked My Modem)
- 31 May Five easy ways to hack GraphQL targets
- 29 May Refining your HTTP perspective, with bambdas
- 28 May Bug Bounty Calculator—Crunch the numbers and optimize your program
- 27 May 👩💻IW Weekly #112: XXE in Chrome, SQL Injection Cheatsheet, Misconfigurations in Azure, Hacking WordPress Plugins, and many more…
- 27 May Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
- 22 May Introducing SignSaboteur: forge signed web tokens with ease
- 20 May 👩💻IW Weekly #111: SSRF in NextJS, Blind SSRF on WordPress, ChatGPT Rate Limit Bypass, IDOR at Swiggy and many more...
- 14 May Reconfigurable CORS middleware with jub0bs/cors
- 13 May 👩💻IW Weekly #110: GitHub Actions Cache Poisoning, CVE-2024-0200, Relative Path File Injection, Hacking Apple, Hacking Microsoft's AI bot and many more…
- 06 May 👩💻IW Weekly #109: Hacking Telegram, Raining IDORs and BACs, Microsoft Graph Logging Bypass, HTMX Bugs, Wordlist for CI/CD Hacking and many more…
- 29 Apr 👩💻IW Weekly #108: PostMessage for XSS, Smart Contract Security, Admin Panel Takeover, DOM-XSS to ATO, Process Injection With C, Privilege Escalation and many more …
- 27 Apr jub0bs/cors: a better CORS middleware library for Go
- 22 Apr 👩💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…
- 17 Apr 4 bug bounty mistakes and how to avoid them
- 15 Apr 👩💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more…
- 08 Apr 👩💻IW Weekly #105: XZ Utils Backdoor, DOMPurify Bypass, Secondary Context Bugs, Hacking ISPs, Email Verification Bypass, Gesture Jacking and many more…
- 01 Apr 👩💻IW Weekly #104: ClickHouse, Velociraptor, WAF bypass techniques, Path Traversal Vulnerabilities, io_uring Vulnerability in Ubuntu, Shockwave Attack Surface Management, .NET Remoting Exploits, Github dorks and many more…
- 25 Mar 👩💻IW Weekly #103: $35K Bounty, Nuances of Aggressive Scans, DLL Side-Loading, Hacking 3 Million Hotel Key Cards, WAF Bypassing Variants and many more…
- 19 Mar Making desync attacks easy with TRACE
- 18 Mar 👩💻IW Weekly #102: Raining RCEs on Citrix, Microsoft Outlook and Fortigate, Security flaws in ChatGPT and third-party plugins, CRLF Injection, and many more…
- 18 Mar Aggressive scanning in bug bounty (and how to avoid it)
- 14 Mar Testing static websites and uncovering hidden security vulnerabilities
- 11 Mar 👩💻IW Weekly #101: CSP Bypass using formaction attribute, 200 hours of hacking to $20K, CVE-2024-1403 analysis, Necessity of DevSecOps, Use of Github Actions to Bypass Microsoft Entra Smart Lockout and many more…
- 05 Mar Using form hijacking to bypass CSP
- 04 Mar 👩💻IW Weekly #100🎉Server-Side Prototype Pollution, Zero-Click ATO Exploit, SSRF Bugs, GRX Interface address using TCP, GraphQL API Schemas, XSS for ATO, IDOR, Unicode Normalization and many more…
- 26 Feb 👩💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more…
- 19 Feb 👩💻IW Weekly #98: Image to RCE, MySQL Server Access, Hacking College Website, RCE on Apple’s Production Server, Web-Cache Deception Vulnerability, Github Code Search, SSRF on Vercel and many more…
- 19 Feb Top 10 web hacking techniques of 2023
- 12 Feb 👩💻IW Weekly #97: XSS on Microsoft Whiteboard and Excalidraw, ChatGPT Account Takeover, reverse engineered ESP32-based air purifier, advanced HTTP header exploitation techniques, PikaBot Malware Analysis and many more…
- 05 Feb 👩💻IW Weekly #96: Windows Driver to Working EDR, Auth-Bypass within Ivanti’s Pulse Connect Secure, Infostealer Malware, Binary Emulation, Google Domain Tier Concepts and many more…
- 04 Feb Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)
- 29 Jan 👩💻IW Weekly #95: From Rook to XSS, CVE-2023-5480, Response Manipulation to Privilege Escalation, Top 10 Web Hacking Techniques for 2023, Unicode Escape Handling in Java and many more…
- 23 Jan Hiding payloads in Java source code strings
- 22 Jan 👩💻IW Weekly #94: 2FA Bypass, Decoding Obfuscated JavaScript, Exploiting Password Reset Functionality, AWS S3 Bucket Takeover, Invisible Prompt Injections and many more…
- 18 Jan High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE
- 15 Jan 👩💻IW Weekly #93: GitLab Critical Fixes, Google Info-Stealers, Sandwich Attack, CVE-2023-7028, IDN Homograph Attack, IrisCTF24 Challenges and many more…
- 09 Jan Top 10 web hacking techniques of 2023 - nominations open
- 08 Jan 👩💻IW Weekly #92: Cloudflare Pages Vulnerabilities Analysis, CORS Cache Exploitation Automating RTFM with ChatGPT, Shrewdeye Bash, XSS to ATO, Bypassing Door Passwords and many more…
- 25 Dec 👩💻IW Weekly #92: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more…
- 25 Dec 👩💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more…
- 18 Dec 👩💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more…
- 12 Dec Finding that one weird endpoint, with Bambdas
- 11 Dec 👩💻IW Weekly #89: Business Logic Vulnerability, DNS Poisoning, XSS Exploitation to Steal Credentials, Payment Processor Hacking, Second Order SQL Injections, Blind CSS Exfiltration, Symfony Exploits and many more…
- 05 Dec Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems
- 05 Dec Blind CSS Exfiltration: exfiltrate unknown web pages
- 04 Dec 👩💻IW Weekly #88: Process Injection, Race Condition, CLRF to XSS in Snapchat, Active Directory Guide, Main App Hacking Methodology, CSP Research, CORS Misconfigurations and many more…
- 27 Nov 👩💻IW Weekly #87: Okta for Red Teamers, Hijacking OAuth, Account Hijacking via Invite Flows, Full Time Bug Bounty Hunting, Unpredictable IDs in IDOR and many more…
- 22 Nov Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
- 20 Nov 👩💻IW Weekly #86: CVE-2023-46729, Hacked Google’s Bug Tracking System, Outsmarting AI Models, Sandbox Escaping, Self-Redirect to XSS, Critical 0-day XXE to SSRF and many more…
- 13 Nov 👩💻IW Weekly #85: LFI to RCE, DoS Bugs, RXSS on Microsoft, Race Conditions, Finding Leaked Tokens, Bypassing URL Parsers and many more…
- 06 Nov 👩💻IW Weekly #84: DOM-based race condition, Bypassing Android Debug and root detection, F5-BIG-IP CVE-2023-46747, SQL injection on admin login , Hacking HP monitor display, Analyzing Metamask snaps and many more…
- 02 Nov Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports
- 31 Oct Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449)
- 30 Oct 👩💻IW Weekly #83: CVE-2023-4966, Address Bar Spoofing, SQLi to NTLM, Okta Breach, UPI Security, PII via Frontend Authentication Redirects and many more…
- 25 Oct Bug Bytes #215 – Hackers in Lisbon, AI bug bounty and is this the end?
- 23 Oct 👩💻IW Weekly #82: Single Packet Attack, Nuclei v3, DOM XSS, IDOR Insights, Bypassing CSP, AI & Hacking, Android App Hacking and many more…
- 23 Oct People who say “PHP is insecure” are uninformed
- 23 Oct Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
- 18 Oct The single-packet attack: making remote race-conditions 'local'
- 17 Oct Bug Bytes #214 – We launch a course, bug hunters go full time and the $20k bug
- 16 Oct 👩💻IW Weekly #81: Chrome SOP Bypass, Unauthorized access to Admin panel, Access to Instagram’s private posts, Looney Tunable Linux Privilege escalation [CVE-2023-4911], NoSQL injections and many more…
- 09 Oct 👩💻IW Weekly #80: Broken Access Control, XSS Basics, GraphQL Introspection Query, RCE Vulnerabilities, XSS Challenge, Scanners for Web Security Research and many more …
- 07 Oct Passing the New OSEE Exam After Forgetting Everything
- 06 Oct Cybersecurity is lost: The story of the man in the van
- 04 Oct Bug Bytes #213 – Hacking a Prison, XSS on steroids, CAIDO free for students and Bogus CVEs
- 03 Oct RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
- 03 Oct How to build custom scanners for web security research automation
- 02 Oct 👩💻IW Weekly #79: RCE in Google Chrome, CVE-2023-40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more..
- 27 Sep Bug Bytes #212 – XSS Payloads, IDOR prediction and Cloud Security
- 25 Sep 👩💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more..
- 18 Sep 👩💻IW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more..
- 13 Sep Bug Bytes #211 – Hacking Casinos, Microsoft’s Key Mishap, Read the Docs and ImageMagick Strikes Again
- 11 Sep 👩💻IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more..
- 06 Sep Bug Bytes #210 – Zenbleed, Interview Questions, Challenge Coins and SQL Injections
- 04 Sep 👩💻IW Weekly #75: Privilege Escalation by request manipulation, PII Disclosure by manipulating parameters, PII leak using misconfigured API, CRLF to XSS, Blind SSRF with Out-of-band Detection and many more..
- 28 Aug 👩💻IW Weekly #74: RCE through Dependency Confusion, 2FA bypass in Meta, Client side Prototype pollution and its prevention, Paywall bypass, SSRF tricks and many more..
- 27 Aug Leaking File Contents with a Blind File Oracle in Flarum
- 27 Aug Advisory: Flarum LFI - CVE-2023-40033
- 23 Aug Bug Bytes #209 – The only graphQL wordlist you need, ML bug hunting and VDP submissions
- 21 Aug 👩💻IW Weekly #73: ATO in Shopify Stores, CVE-2023-36809, Risks in Cross-Chain Bridges, Bypassing Firewalls, Hacking iOS Apps, Uncovering Zenbleed and many more..
- 14 Aug 👩💻IW Weekly #72: GraphQL Hacking, SSO Vulnerabilities, Race Condition Vulnerabilities, SQLMap & Server Side Request Forgery Tips, Sandwich Attack and many more..
- 09 Aug Smashing the state machine: the true potential of web race conditions
- 08 Aug Finding and Exploiting Citrix NetScaler Buffer Overflow (CVE-2023-3519) (Part 3)
- 07 Aug 👩💻IW Weekly #71: Introduction to AD pentesting, XSS via exported activity, using HOTW to leak CSRF token, full access to airline points, SSRFs and many more..
- 03 Aug Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
- 31 Jul 👩💻IW Weekly #70: NFT Bridge Vulnerability, CVE-2023-3519 Deep Analysis, RCE in Huawei Theme Manager, Preauth RCE in Metabase, Chaining Bugs for Session Hijack and many more..
- 24 Jul 👩💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more..
- 24 Jul Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)
- 22 Jul Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)
- 21 Jul Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway
- 21 Jul Advisory: Metabase Pre-Auth RCE (CVE-2023-38646)
- 19 Jul Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
- 17 Jul 👩💻IW Weekly #68: Account Takeover using Custom OTP, CVE-2023-36934, Investigating EC2 , XSS in hidden inputs , macOS user's real name brute-forced with mDNS and many more..
- 11 Jul Exploiting XSS in hidden inputs and meta tags
- 11 Jul Bug Bytes #207 -IIS, LLMs and iOS
- 10 Jul 👩💻IW Weekly #67: Joining Google as Red Teamer, Finding 100 vulnerabilities, Tale of DOM-XSS, Impactful SSRF, Busting fake Privacy Policy and many more..
- 05 Jul Bug Bytes #206 – Citrix more like Crit-trix amiright?
- 04 Jul Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)
- 03 Jul 👩💻IW Weekly #66: Citrix Gateaway-XSS, Web cache Deception, DNS Analyzer, ATO to XSS in GarphQL API, AWS S3 Bucket Leaks, $250K Coinbase API Hack and many more…
- 03 Jul Advisory: ShareFile Pre-Auth RCE (CVE-2023-24489)
- 02 Jul 10 tips for crushing bug bounties
- 29 Jun Reversing Citrix Gateway for XSS
- 28 Jun Bug Bytes #205 – Live Hacking, AI Hacking and Helicopter Hacking
- 21 Jun Bug Bytes #204 – Everything You Missed From NahamCon
- 14 Jun How I choose a security research topic
- 05 Jun Bypassing CSP via DOM clobbering
- 05 May A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF...
- 28 Apr Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO
- 08 Apr Rule Writing for CodeQL and Semgrep
- 28 Mar The curl quirk that exposed Burp Suite & Google Chrome
- 23 Mar Exploiting prototype pollution in Node without the filesystem
- 15 Feb Server-side prototype pollution: Black-box detection without the DoS
- 08 Feb Top 10 web hacking techniques of 2022
- 08 Feb Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation)
- 29 Jan DOM-XSS in Instant Games due to improper verification of supplied URLs
- 29 Jan Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
- 29 Jan Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
- 04 Jan Top 10 web hacking techniques of 2022 - nominations open
- 03 Jan Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
- 17 Dec I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
- 29 Nov Hijacking service workers via DOM Clobbering
- 26 Nov So, you want to get into bug bounties?
- 17 Nov Bug Bounty Calculator – Crunch the numbers and optimize your VDP
- 15 Nov Stealing passwords from infosec Mastodon - without bypassing CSP
- 09 Nov Detecting web message misconfigurations for cross-domain credential theft
- 31 Oct Safari is hot-linking images to semi-random websites
- 19 Oct HTTP/3 connection contamination: an upcoming threat?
- 03 Oct Our favourite community contributions to the XSS cheat sheet
- 22 Sep Making HTTP header injection critical via response queue poisoning
- 21 Sep Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
- 19 Sep Challendar: Creating a Challenge for The Infosecurity Challenge 2022
- 12 Sep The seventh way to call a JavaScript function without parentheses
- 12 Sep Existence oracle for Secure cookies on insecure Web origins
- 06 Sep How to turn security research into profit: a CL.0 case study
- 01 Sep Using Hackability to uncover a Chrome infoleak
- 29 Aug Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl
- 18 Aug You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
- 10 Aug Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
- 04 Aug Scraping the bottom of the CORS barrel (part 1)
- 27 Jul Framing without iframes
- 29 Jun Bypassing Firefox's HTML Sanitizer API
- 22 Jun Widespread prototype pollution gadgets
- 21 Jun The ugly side of collaboration in bug bounties
- 18 Jun The ugly side of collaboration in bug bounties
- 18 Jun Embedding Payloads and Bypassing Controls in Microsoft InfoPath
- 14 Jun Bypassing CSP with dangling iframes
- 14 May Multiple bugs chained to takeover Facebook Accounts which uses Gmail.
- 13 May Hunting evasive vulnerabilities
- 20 Apr New XSS vectors
- 02 Apr Remote Code Execution vs. Remote Command Execution vs. Code Injection vs. Command Injection vs. RCE
- 04 Mar More secure Facebook Canvas Part 2: More Account Takeovers
- 01 Mar Turbo Intruder – Hacker Tools: Going faster than ever! 👩💻
- 09 Feb Top 10 web hacking techniques of 2021
- 08 Feb CVE-2022-21703: cross-origin request forgery against Grafana
- 03 Feb Solving DOM XSS Puzzles
- 01 Feb Meg – Hacker Tools: Endpoint scan the masses! 👩💻
- 11 Jan EyeWitness – Hacker Tools: Hacking through screenshots 👩💻
- 05 Jan Top 10 web hacking techniques of 2021 - nominations open
- 31 Dec 2Q21: New Year's Reflections
- 06 Dec uBlock, I exfiltrate: exploiting ad blockers with CSS
- 26 Nov The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
- 23 Nov GoSpider – Hacker Tools: Enumerate the web! 👩💻
- 22 Oct All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646)
- 13 Oct Creating a 3D world in pure CSS
- 12 Oct Abusing Slack's file-sharing functionality to de-anonymise fellow workspace members
- 05 Oct CRLFuzz – Hacker Tools: Injecting CRLF for bounties 👩💻
- 29 Sep Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts
- 29 Sep All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035)
- 24 Sep Waybackurls – Hacker Tools: Time-traveling for bounties 👩💻
- 17 Sep Hunting nonce-based CSP bypasses with dynamic analysis
- 17 Sep Down the Rabbit Hole: Unusual Applications of OpenAI in Cybersecurity Tooling
- 14 Sep Dalfox – Hacker Tools: XSS Scanning Made Easy 👩💻
- 07 Sep KiteRunner – Hacker Tools: Next-level API hacking 👩💻
- 03 Sep More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers
- 31 Aug 👩💻 Hacker Tools: WPScan – Your WordPress isn’t safe!
- 05 Aug HTTP/2: The Sequel is Always Worse
- 21 Jul How to achieve enterprise-grade attack-surface monitoring with open source software
- 21 Jul A hackers perspective on bug bounty triage
- 02 Jul alert() is dead, long live print()
- 30 Jun Finding DOM Polyglot XSS in PayPal the Easy Way
- 29 Jun Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
- 27 Jun Oversightboard.com site-wide CSRF due to missing checking
- 27 Jun Disclose unconfirmed email/phone of a Facebook user
- 23 Jun ROP and Roll: EXP-301 Offensive Security Exploit Developer (OSED) Review and Exam
- 21 Jun A hackers perspective on bug bounty triage
- 08 Jun Hacking, ethics, inner conflict: Are we on the brink of a Hacktivism revival?
- 27 May List of Cybersecurity Subreddits
- 22 May Life's a Peach (Fuzzer): How to Build and Use GitLab's Open-Source Protocol Fuzzer
- 20 May Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps
- 20 May How to hack your ex-girlfriend’s Facebook account
- 05 May Why I Quit My Job at Bugcrowd
- 01 Apr nOtWASP bottom 10: vulnerabilities that make you cry
- 24 Mar Hidden OAuth attack vectors
- 17 Mar Introducing Haktrails: A Small CLI Tool Harnessing the Power of SecurityTrails
- 11 Mar Offensive Security Experienced Penetration Tester (OSEP) Review and Exam
- 12 Feb Subdomain takeover: ignore this vulnerability at your peril
- 02 Feb Applying Offensive Reverse Engineering to Facebook Gameroom
- 29 Jan The great SameSite confusion
- 14 Jan A Glossary of Blind SSRF Chains
- 23 Dec Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge
- 16 Dec Hacking Chess.com and Accessing 50 Million Customer Records
- 03 Dec Imposter Alert: Extracting and Reversing Metasploit Payloads (Flare-On 2020 Challenge 7)
- 07 Oct We Hacked Apple for 3 Months: Here’s What We Found
- 18 Sep Finding Hidden Files and Folders on IIS using BigQuery
- 18 Sep Beat The Clock: The CSIT InfoSecurity Challenge
- 15 Sep Hacking on Bug Bounties for Four Years
- 28 Aug Perspective is Everything
- 14 Aug Open Sesame: Escalating Open Redirect to RCE with Electron Code Review
- 29 Jul Protecting your apps from link-based vulnerabilities: reverse tabnabbing, broken-link hijacking, and open redirects
- 21 Jul A glimpse at parametric polymorphism in Go: designing a generic bidirectional map
- 22 Jun Leveraging an SSRF to leak a secret API key
- 20 Jun Hacking Starbucks and Accessing Nearly 100 Million Customer Records
- 26 May Chaining an IDOR with a business-logic error to achieve critical impact
- 15 May Closing the Loop: Practical Attacks and Defences for GraphQL APIs
- 11 May Don't Force Yourself to Become a Bug Bounty Hunter
- 19 Apr Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts
- 05 Apr Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements
- 26 Feb Plugging Git leaks: preventing and fixing information exposure in repositories
- 18 Feb A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
- 01 Feb Expanding the Attack Surface: React Native Android Applications
- 12 Jan Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2
- 29 Dec Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps
- 15 Dec From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
- 01 Nov Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
- 26 Sep Analysis of CVE-2019-14994 - Jira Service Desk Path Traversal leads to Massive Information Disclosure
- 14 Jul Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program
- 19 May Discovering a zero day and getting code execution on Mozilla's AWS Network
- 11 Apr Summary of dotGo 2019
- 19 Mar Discovering a zero day and getting code execution on Mozilla's AWS Network
- 14 Jan Gaining access to Uber's user data through AMPScript evaluation
- 17 Dec Reading ASP secrets for $17,000
- 22 Aug Access control in Go: a primer for Java developers
- 15 Aug Defer: sweet, but no syntactic sugar
- 04 Jul The $12,000 Intersection between Clickjacking, XSS, and Denial of Service
- 09 May Hacking a Massive Steam Scamming and Phishing Operation for Fun and Profit
- 10 Nov Exploiting Directory Traversal to View Customer Credit Card Information on Yahoo's Small Business Platform
- 03 Aug How I gained access to chef, docker, AWS, and MongoDB instances in a single request
- 25 Jun Permanent account takeover on Yahoo's Small Business platform
- 04 Jun How I could've taken over the production server of a Yahoo acquisition through command injection
- 10 May Eradicating image authentication injection from the entire internet
- 09 May How I stole the identity of every Yahoo user
- 29 Jul High frequency security bug hunting: 120 days, 120 bugs
- 29 Jun High frequency security bug hunting: 120 days, 120 bugs
- 18 Nov Using ngrok to proxy internal servers in restrictive environments
- 22 Sep Abusing URL Shortners to discover sensitive resources or assets
- 16 Jul Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
- 15 Jun Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
- 13 May Security for young people in Australia
- 07 Feb Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144)