Hackers Feed 339

• SAML roulette: the hacker always wins Mar 18, 2025
• 🐝 Hive Five 215 - Prompt Your Way To Personal Growth Mar 17, 2025
• [HackerNotes Ep.114] Single Page Application Hacking Playbook Mar 14, 2025
• 🐝 Hive Five 214 - Pressing Buttons Mar 11, 2025
• [HackerNotes Ep.113] Best Technical Takeaways from Portswigger Top 10 2024 Mar 7, 2025
• 🐝 Hive Five 213 - Agency > Intelligence Mar 3, 2025
• [HackerNotes Ep.112] Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter Mar 1, 2025
• The cost of Go's panic and recover Feb 28, 2025
• 🐝 Hive Five 212 - Vibe Coding Feb 24, 2025
• [HackerNotes Ep.111] How to Bypass DOMPurify with Kévin Mizu Feb 21, 2025
• Shadow Repeater:AI-enhanced manual testing Feb 20, 2025
• 🐝 Hive Five 211 - Stop Working So Hard Feb 17, 2025
• [HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks Feb 14, 2025
• Bee-yond the Hive: Optimal keyboard shortcuts Feb 12, 2025
• 🐝 Hive Five 210 - We Are Destroying Software Feb 10, 2025
• Quoting Dr. Julie Gurner: "Talent is a high-risk gift." Feb 8, 2025
• [HackerNotes Ep. 109] Creative Recon - Alternative Techniques Feb 7, 2025
• Top 10 web hacking techniques of 2024 Feb 4, 2025
• 🐝 Hive Five 209 - New Space Feb 3, 2025
• [HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello Feb 3, 2025
• Programmatic handling of CORS-configuration errors with jub0bs/cors Jan 28, 2025
• Bypassing character blocklists with unicode overflows Jan 28, 2025
• 🐝 Hive Five 208 - Nobody Cares Jan 27, 2025
• [HackerNotes Ep.107] Bypassing Cross-Origin Browser Headers Jan 27, 2025
• Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel Jan 23, 2025
• Stealing HttpOnly cookies with the cookie sandwich technique Jan 22, 2025
• 🐝 Hive Five 207 - Brain Rot and One Man Armies Jan 20, 2025
• [HackerNotes Ep.106] Announcing our new Co-Host... Jan 17, 2025
• 🐝 Hive Five 206 - AI Crash Course Jan 13, 2025
• [HackerNotes Ep.105] Best Moments of 2024 on the Pod Jan 11, 2025
• Top 10 web hacking techniques of 2024: nominations open Jan 8, 2025
• 🐝 Hive Five 205 - Join or die Jan 6, 2025
• 🍯 Bee-side 204 - COBOL Jobs Domain & Browser-Based Background Removal Jan 5, 2025
• [HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals Jan 2, 2025
• [HackerNotes Ep.103] Getting ANSI about Unicode Normalization Dec 31, 2024
• 🐝 Hive Five 204 - Make Change That Lasts Dec 30, 2024
• 🍯 Bee-side 203 - AI Innovation, Dev Tools & Digital Security Dec 29, 2024
• 🐝 Hive Five 203 - How To Live an Epic Life Dec 23, 2024
• 🍯 Bee-side 202 - Security Tools, AI Innovation & Dev Productivity Dec 22, 2024
• [HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix Dec 20, 2024
• 🐝 Hive Five 202 - A Bias to Action Dec 16, 2024
• 🍯 Bee-side 201 - Web Security Patterns, AI Integration & Growth Hacking Strategies Dec 15, 2024
• [HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann Dec 14, 2024
• [HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking Dec 11, 2024
• Program Manager’s Guide To Running a Successful Bug Bounty Program Dec 4, 2024
• Bypassing WAFs with the phantom $Version cookie Dec 4, 2024
• [HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty Nov 30, 2024
• [HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath Nov 24, 2024
• See you back in January Nov 17, 2024
• [HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling Nov 17, 2024
• [HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer Nov 11, 2024
• New crazy payloads in the URL Validation Bypass Cheat Sheet Oct 29, 2024
• 👩‍💻IW Weekly #134: Javascript Vulnerabilities, Microsoft ServiceNow Hacked, Recon Framework, Powershell on Web, Zendesk Vulnerability, Filtering Hostnames and many more… Oct 28, 2024
• Concealing payloads in URL credentials Oct 23, 2024
• 👩‍💻IW Weekly #133: Tools For Recon, Sandbox Bypass in Chromium Browser, Zendesk Vulnerability, CVE-2024-23113, SAML XPath Confusion, AI-Powered 403 Bypassers and many more… Oct 21, 2024
• 👩‍💻IW Weekly #132: Account Takeover on Palo Alto Networks, SQLi Cheat Sheet, Pre-Auth SQL Injection in WhatsUp Gold, SSRF Automation, Bypassing Sanitizers using MXSS, and many more… Oct 14, 2024
• 👩‍💻IW Weekly #131: ROP For Security Bypass, Ruby Class Pollution, Mobile Hacking, Reverse Engineering, Hacking Websites With ZIP Files and many more… Oct 7, 2024
• 👩‍💻IW Weekly #130: Hacking Trello Board Instances, Hacker Mentality, Regex, Google Dorks, CodeQL Fundamentals and many more… Sep 30, 2024
• 👩‍💻IW Weekly #129: Google VRP Blog, CVE-2024-29847 Exploit, Hotstar Hacked, Bug Bounty Tips, OSINT Explained, and many more… Sep 23, 2024
• Hacking Kia: Remotely Controlling Cars With Just a License Plate Sep 20, 2024
• 👩‍💻IW Weekly #128: Bug Bounty, Cloud Dorking, Asset Discovery, Reconnaissance,Vulnerabilities in the Kakadu JPEG 2000 and in Azure DevOps,VPN Cookies Hijacking, and many more… Sep 16, 2024
• 👩‍💻IW Weekly #127: Nanocore Obfuscation, Code Protection Bypass, Gmail HTML Injection, Remote Code Execution, X-Correlation Injection Research, and many more… Sep 9, 2024
• Introducing the URL validation bypass cheat sheet Sep 3, 2024
• 👩‍💻IW Weekly #126: Bypassing Airport Security, XSS on Netlify’s Image CDN, Frans Rosén’s X-Correlation Research, Prompt Injection on Microsoft Copilot, Type Confusion Flaw in Chrome, and many more… Sep 2, 2024
• 👩‍💻IW Weekly #125: AWS ALBeast Vulnerability, SSRF Bug In Microsoft’s Copilot Studio, Cache Misconfiguration Exploit, Web Caching, DEF CON 32, Game Hacking, and many more… Aug 26, 2024
• 👩‍💻IW Weekly #124: XSS WAF Bypass, Google and Github Dorks, XSS via CSPT, Bug Hunting Methodology, and many more… Aug 19, 2024
• 👩‍💻IW Weekly #123: Web Timing Attacks, Confusion Attacks, LUCI AuthDB Leak, LHEs vs Pwn2Owns, Reverse Engineering 101 and many more… Aug 12, 2024
• Gotta cache 'em all: bending the rules of web cache exploitation Aug 8, 2024
• Splitting the email atom: exploiting parsers to bypass access controls Aug 7, 2024
• Listen to the whispers: web timing attacks that actually work Aug 7, 2024
• 👩‍💻IW Weekly #122: SSRF, Password Reset Vulnerability, XSS in Hotjar, Single-Packet Attack, WhatsApp Desktop Code Execution, Business Logic Errors and many more… Aug 5, 2024
• 👩‍💻IW Weekly #121: RCE on Kafka UI, $2000 Bounty, Advanced SQL Injection Techniques, AWS Cognito Misconfigurations, Payment Bypass, and many more… Jul 29, 2024
• 👩‍💻IW Weekly #120: Mass Request Smuggling, 1000$ Open Redirect, CSS Injection, Jupyter Auth Token Leak, CrowdStrike Issue and many more... Jul 22, 2024
• 👩‍💻IW Weekly #119: Universal Code Execution, Evernote RCE, Multiple ServiceNow CVEs, Escalating XSS Using Password Managers, DOMPurify Bug, CSS Injections and many more… Jul 15, 2024
• Fickle PDFs: exploiting browser rendering discrepancies Jul 9, 2024
• 👩‍💻IW Weekly #118: Server-Side Request Forgery, Malware Development, IDOR, Match and Replace, Cache Deception and many more… Jul 8, 2024
• Universal Code Execution by Chaining Messages in Browser Extensions Jul 7, 2024
• A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA Jul 2, 2024
• 👩‍💻IW Weekly #117: API Hacking, Hacking Large Corporations, CrushFTP Exploit, NextJS & Cache Poisoning, Prototype Pollution, Nested Deserialization and many more… Jul 1, 2024
• 👩‍💻IW Weekly #116: GitHub Copilot Prompt Injection, r2frida for iOS Runtime Manipulation, Data Exfiltration from Restricted Environment, iOS URL Scheme Hijacking and many more… Jun 24, 2024
• 👩‍💻IW Weekly #115: Abusing Auto-Mail Responders, $25,000 Github Takeover, AI in Bug Hunting, RCE on Tenda AC8 Router, GraphQL Hacking and many more… Jun 17, 2024
• onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet Jun 11, 2024
• 👩‍💻IW Weekly #114: 4-Step Bug Hunting Methodology, CVE-2024-4358, Reflector, Bypass SSL Pinning, GraphQL API Vulnerabilities and many more… Jun 10, 2024
• 👩‍💻IW Weekly #113: Subdomain Takeovers to Credential Leaks, Stored XSS to RCE, VSCode SFTP File Exposure, $203K Bounties for Bugs in Azure Health Bot and many more… Jun 3, 2024
• Hacking Millions of Modems (and Investigating Who Hacked My Modem) Jun 3, 2024
• Five easy ways to hack GraphQL targets May 31, 2024
• Refining your HTTP perspective, with bambdas May 29, 2024
• Bug Bounty Calculator—Crunch the numbers and optimize your program May 28, 2024
• 👩‍💻IW Weekly #112: XXE in Chrome, SQL Injection Cheatsheet, Misconfigurations in Azure, Hacking WordPress Plugins, and many more… May 27, 2024
• Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973) May 27, 2024
• Introducing SignSaboteur: forge signed web tokens with ease May 22, 2024
• 👩‍💻IW Weekly #111: SSRF in NextJS, Blind SSRF on WordPress, ChatGPT Rate Limit Bypass, IDOR at Swiggy and many more... May 20, 2024
• Reconfigurable CORS middleware with jub0bs/cors May 14, 2024
• 👩‍💻IW Weekly #110: GitHub Actions Cache Poisoning, CVE-2024-0200, Relative Path File Injection, Hacking Apple, Hacking Microsoft's AI bot and many more… May 13, 2024
• 👩‍💻IW Weekly #109: Hacking Telegram, Raining IDORs and BACs, Microsoft Graph Logging Bypass, HTMX Bugs, Wordlist for CI/CD Hacking and many more… May 6, 2024
• 👩‍💻IW Weekly #108: PostMessage for XSS, Smart Contract Security, Admin Panel Takeover, DOM-XSS to ATO, Process Injection With C, Privilege Escalation and many more … Apr 29, 2024
• jub0bs/cors: a better CORS middleware library for Go Apr 27, 2024
• 👩‍💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more… Apr 22, 2024
• 4 bug bounty mistakes and how to avoid them Apr 17, 2024
• 👩‍💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more… Apr 15, 2024
• 👩‍💻IW Weekly #105: XZ Utils Backdoor, DOMPurify Bypass, Secondary Context Bugs, Hacking ISPs, Email Verification Bypass, Gesture Jacking and many more… Apr 8, 2024
• 👩‍💻IW Weekly #104: ClickHouse, Velociraptor, WAF bypass techniques, Path Traversal Vulnerabilities, io_uring Vulnerability in Ubuntu, Shockwave Attack Surface Management, .NET Remoting Exploits, Github dorks and many more… Apr 1, 2024
• 👩‍💻IW Weekly #103: $35K Bounty, Nuances of Aggressive Scans, DLL Side-Loading, Hacking 3 Million Hotel Key Cards, WAF Bypassing Variants and many more… Mar 25, 2024
• Making desync attacks easy with TRACE Mar 19, 2024
• 👩‍💻IW Weekly #102: Raining RCEs on Citrix, Microsoft Outlook and Fortigate, Security flaws in ChatGPT and third-party plugins, CRLF Injection, and many more… Mar 18, 2024
• Aggressive scanning in bug bounty (and how to avoid it) Mar 18, 2024
• Testing static websites and uncovering hidden security vulnerabilities Mar 14, 2024
• 👩‍💻IW Weekly #101: CSP Bypass using formaction attribute, 200 hours of hacking to $20K, CVE-2024-1403 analysis, Necessity of DevSecOps, Use of Github Actions to Bypass Microsoft Entra Smart Lockout and many more… Mar 11, 2024
• Using form hijacking to bypass CSP Mar 5, 2024
• 👩‍💻IW Weekly #100🎉Server-Side Prototype Pollution, Zero-Click ATO Exploit, SSRF Bugs, GRX Interface address using TCP, GraphQL API Schemas, XSS for ATO, IDOR, Unicode Normalization and many more… Mar 4, 2024
• 👩‍💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more… Feb 26, 2024
• 👩‍💻IW Weekly #98: Image to RCE, MySQL Server Access, Hacking College Website, RCE on Apple’s Production Server, Web-Cache Deception Vulnerability, Github Code Search, SSRF on Vercel and many more… Feb 19, 2024
• Top 10 web hacking techniques of 2023 Feb 19, 2024
• 👩‍💻IW Weekly #97: XSS on Microsoft Whiteboard and Excalidraw, ChatGPT Account Takeover, reverse engineered ESP32-based air purifier, advanced HTTP header exploitation techniques, PikaBot Malware Analysis and many more… Feb 12, 2024
• 👩‍💻IW Weekly #96: Windows Driver to Working EDR, Auth-Bypass within Ivanti’s Pulse Connect Secure, Infostealer Malware, Binary Emulation, Google Domain Tier Concepts and many more… Feb 5, 2024
• Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140) Feb 4, 2024
• 👩‍💻IW Weekly #95: From Rook to XSS, CVE-2023-5480, Response Manipulation to Privilege Escalation, Top 10 Web Hacking Techniques for 2023, Unicode Escape Handling in Java and many more… Jan 29, 2024
• Hiding payloads in Java source code strings Jan 23, 2024
• 👩‍💻IW Weekly #94: 2FA Bypass, Decoding Obfuscated JavaScript, Exploiting Password Reset Functionality, AWS S3 Bucket Takeover, Invisible Prompt Injections and many more… Jan 22, 2024
• High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE Jan 18, 2024
• 👩‍💻IW Weekly #93: GitLab Critical Fixes, Google Info-Stealers, Sandwich Attack, CVE-2023-7028, IDN Homograph Attack, IrisCTF24 Challenges and many more… Jan 15, 2024
• Top 10 web hacking techniques of 2023 - nominations open Jan 9, 2024
• 👩‍💻IW Weekly #92: Cloudflare Pages Vulnerabilities Analysis, CORS Cache Exploitation Automating RTFM with ChatGPT, Shrewdeye Bash, XSS to ATO, Bypassing Door Passwords and many more… Jan 8, 2024
• 👩‍💻IW Weekly #92: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more… Dec 25, 2023
• 👩‍💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more… Dec 25, 2023
• 👩‍💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more… Dec 18, 2023
• Finding that one weird endpoint, with Bambdas Dec 12, 2023
• 👩‍💻IW Weekly #89: Business Logic Vulnerability, DNS Poisoning, XSS Exploitation to Steal Credentials, Payment Processor Hacking, Second Order SQL Injections, Blind CSS Exfiltration, Symfony Exploits and many more… Dec 11, 2023
• Bug Bytes #218 – Advent of Cyber, RCEs and hacking poems Dec 5, 2023
• Blind CSS Exfiltration: exfiltrate unknown web pages Dec 5, 2023
• 👩‍💻IW Weekly #88: Process Injection, Race Condition, CLRF to XSS in Snapchat, Active Directory Guide, Main App Hacking Methodology, CSP Research, CORS Misconfigurations and many more… Dec 4, 2023
• 👩‍💻IW Weekly #87: Okta for Red Teamers, Hijacking OAuth, Account Hijacking via Invite Flows, Full Time Bug Bounty Hunting, Unpredictable IDs in IDOR and many more… Nov 27, 2023
• Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty Nov 22, 2023
• 👩‍💻IW Weekly #86: CVE-2023-46729, Hacked Google’s Bug Tracking System, Outsmarting AI Models, Sandbox Escaping, Self-Redirect to XSS, Critical 0-day XXE to SSRF and many more… Nov 20, 2023
• 👩‍💻IW Weekly #85: LFI to RCE, DoS Bugs, RXSS on Microsoft, Race Conditions, Finding Leaked Tokens, Bypassing URL Parsers and many more… Nov 13, 2023
• 👩‍💻IW Weekly #84: DOM-based race condition, Bypassing Android Debug and root detection, F5-BIG-IP CVE-2023-46747, SQL injection on admin login , Hacking HP monitor display, Analyzing Metamask snaps and many more… Nov 6, 2023
• Bug Bytes #216 – SQL injections, Android XSS and Writing Quality Reports Nov 2, 2023
• Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449) Oct 31, 2023
• 👩‍💻IW Weekly #83: CVE-2023-4966, Address Bar Spoofing, SQLi to NTLM, Okta Breach, UPI Security, PII via Frontend Authentication Redirects and many more… Oct 30, 2023
• Bug Bytes #215 – Hackers in Lisbon, AI bug bounty and is this the end? Oct 25, 2023
• 👩‍💻IW Weekly #82: Single Packet Attack, Nuclei v3, DOM XSS, IDOR Insights, Bypassing CSP, AI & Hacking, Android App Hacking and many more… Oct 23, 2023
• People who say “PHP is insecure” are uninformed Oct 23, 2023
• Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 Oct 23, 2023
• The single-packet attack: making remote race-conditions 'local' Oct 18, 2023
• Bug Bytes #214 – We launch a course, bug hunters go full time and the $20k bug Oct 17, 2023
• 👩‍💻IW Weekly #81: Chrome SOP Bypass, Unauthorized access to Admin panel, Access to Instagram’s private posts, Looney Tunable Linux Privilege escalation [CVE-2023-4911], NoSQL injections and many more… Oct 16, 2023
• 👩‍💻IW Weekly #80: Broken Access Control, XSS Basics, GraphQL Introspection Query, RCE Vulnerabilities, XSS Challenge, Scanners for Web Security Research and many more … Oct 9, 2023
• Passing the New OSEE Exam After Forgetting Everything Oct 7, 2023
• Cybersecurity is lost: The story of the man in the van Oct 6, 2023
• Bug Bytes #213 – Hacking a Prison, XSS on steroids, CAIDO free for students and Bogus CVEs Oct 4, 2023
• RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044) Oct 3, 2023
• How to build custom scanners for web security research automation Oct 3, 2023
• 👩‍💻IW Weekly #79: RCE in Google Chrome, CVE-2023-40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more.. Oct 2, 2023
• Bug Bytes #212 – XSS Payloads, IDOR prediction and Cloud Security Sep 27, 2023
• 👩‍💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more.. Sep 25, 2023
• 👩‍💻IW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more.. Sep 18, 2023
• Bug Bytes #211 – Hacking Casinos, Microsoft’s Key Mishap, Read the Docs and ImageMagick Strikes Again Sep 13, 2023
• 👩‍💻IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more.. Sep 11, 2023
• Bug Bytes #210 – Zenbleed, Interview Questions, Challenge Coins and SQL Injections Sep 6, 2023
• 👩‍💻IW Weekly #75: Privilege Escalation by request manipulation, PII Disclosure by manipulating parameters, PII leak using misconfigured API, CRLF to XSS, Blind SSRF with Out-of-band Detection and many more.. Sep 4, 2023
• 👩‍💻IW Weekly #74: RCE through Dependency Confusion, 2FA bypass in Meta, Client side Prototype pollution and its prevention, Paywall bypass, SSRF tricks and many more.. Aug 28, 2023
• Leaking File Contents with a Blind File Oracle in Flarum Aug 27, 2023
• Advisory: Flarum LFI - CVE-2023-40033 Aug 27, 2023
• Bug Bytes #209 – The only graphQL wordlist you need, ML bug hunting and VDP submissions Aug 23, 2023
• 👩‍💻IW Weekly #73: ATO in Shopify Stores, CVE-2023-36809, Risks in Cross-Chain Bridges, Bypassing Firewalls, Hacking iOS Apps, Uncovering Zenbleed and many more.. Aug 21, 2023
• 👩‍💻IW Weekly #72: GraphQL Hacking, SSO Vulnerabilities, Race Condition Vulnerabilities, SQLMap & Server Side Request Forgery Tips, Sandwich Attack and many more.. Aug 14, 2023
• Smashing the state machine: the true potential of web race conditions Aug 9, 2023
• Finding and Exploiting Citrix NetScaler Buffer Overflow (CVE-2023-3519) (Part 3) Aug 8, 2023
• 👩‍💻IW Weekly #71: Introduction to AD pentesting, XSS via exported activity, using HOTW to leak CSRF token, full access to airline points, SSRFs and many more.. Aug 7, 2023
• Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform Aug 3, 2023
• 👩‍💻IW Weekly #70: NFT Bridge Vulnerability, CVE-2023-3519 Deep Analysis, RCE in Huawei Theme Manager, Preauth RCE in Metabase, Chaining Bugs for Session Hijack and many more.. Jul 31, 2023
• 👩‍💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more.. Jul 24, 2023
• Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2) Jul 24, 2023
• Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) Jul 22, 2023
• Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway Jul 21, 2023
• Advisory: Metabase Pre-Auth RCE (CVE-2023-38646) Jul 21, 2023
• Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed Jul 19, 2023
• 👩‍💻IW Weekly #68: Account Takeover using Custom OTP, CVE-2023-36934, Investigating EC2 , XSS in hidden inputs , macOS user's real name brute-forced with mDNS and many more.. Jul 17, 2023
• Exploiting XSS in hidden inputs and meta tags Jul 11, 2023
• Bug Bytes #207 -IIS, LLMs and iOS Jul 11, 2023
• 👩‍💻IW Weekly #67: Joining Google as Red Teamer, Finding 100 vulnerabilities, Tale of DOM-XSS, Impactful SSRF, Busting fake Privacy Policy and many more.. Jul 10, 2023
• Bug Bytes #206 – Citrix more like Crit-trix amiright? Jul 5, 2023
• Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489) Jul 4, 2023
• 👩‍💻IW Weekly #66: Citrix Gateaway-XSS, Web cache Deception, DNS Analyzer, ATO to XSS in GarphQL API, AWS S3 Bucket Leaks, $250K Coinbase API Hack and many more… Jul 3, 2023
• Advisory: ShareFile Pre-Auth RCE (CVE-2023-24489) Jul 3, 2023
• 10 tips for crushing bug bounties Jul 2, 2023
• Reversing Citrix Gateway for XSS Jun 29, 2023
• Bug Bytes #205 – Live Hacking, AI Hacking and Helicopter Hacking Jun 28, 2023
• Bug Bytes #204 – Everything You Missed From NahamCon Jun 21, 2023
• How I choose a security research topic Jun 14, 2023
• Bypassing CSP via DOM clobbering Jun 5, 2023
• A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF... May 5, 2023
• Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO Apr 28, 2023
• Rule Writing for CodeQL and Semgrep Apr 8, 2023
• The curl quirk that exposed Burp Suite & Google Chrome Mar 28, 2023
• Exploiting prototype pollution in Node without the filesystem Mar 23, 2023
• Server-side prototype pollution: Black-box detection without the DoS Feb 15, 2023
• Top 10 web hacking techniques of 2022 Feb 8, 2023
• Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation) Feb 8, 2023
• DOM-XSS in Instant Games due to improper verification of supplied URLs Jan 29, 2023
• Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing Jan 29, 2023
• Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing Jan 29, 2023
• Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation Jan 29, 2023
• Top 10 web hacking techniques of 2022 - nominations open Jan 4, 2023
• Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More Jan 3, 2023
• I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS Dec 17, 2022
• Hijacking service workers via DOM Clobbering Nov 29, 2022
• So, you want to get into bug bounties? Nov 26, 2022
• Bug Bounty Calculator – Crunch the numbers and optimize your VDP Nov 17, 2022
• Stealing passwords from infosec Mastodon - without bypassing CSP Nov 15, 2022
• Detecting web message misconfigurations for cross-domain credential theft Nov 9, 2022
• Safari is hot-linking images to semi-random websites Oct 31, 2022
• HTTP/3 connection contamination: an upcoming threat? Oct 19, 2022
• Our favourite community contributions to the XSS cheat sheet Oct 3, 2022
• Making HTTP header injection critical via response queue poisoning Sep 22, 2022
• Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library Sep 21, 2022
• Challendar: Creating a Challenge for The Infosecurity Challenge 2022 Sep 19, 2022
• The seventh way to call a JavaScript function without parentheses Sep 12, 2022
• Existence oracle for Secure cookies on insecure Web origins Sep 12, 2022
• How to turn security research into profit: a CL.0 case study Sep 6, 2022
• Using Hackability to uncover a Chrome infoleak Sep 1, 2022
• Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl Aug 29, 2022
• You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications Aug 18, 2022
• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling Aug 10, 2022
• Scraping the bottom of the CORS barrel (part 1) Aug 4, 2022
• Framing without iframes Jul 27, 2022
• Bypassing Firefox's HTML Sanitizer API Jun 29, 2022
• Widespread prototype pollution gadgets Jun 22, 2022
• The ugly side of collaboration in bug bounties Jun 21, 2022
• The ugly side of collaboration in bug bounties Jun 18, 2022
• Embedding Payloads and Bypassing Controls in Microsoft InfoPath Jun 18, 2022
• Bypassing CSP with dangling iframes Jun 14, 2022
• Multiple bugs chained to takeover Facebook Accounts which uses Gmail. May 14, 2022
• Hunting evasive vulnerabilities May 13, 2022
• New XSS vectors Apr 20, 2022
• Remote Code Execution vs. Remote Command Execution vs. Code Injection vs. Command Injection vs. RCE Apr 2, 2022
• More secure Facebook Canvas Part 2: More Account Takeovers Mar 4, 2022
• Turbo Intruder – Hacker Tools: Going faster than ever! 👩‍💻 Mar 1, 2022
• Top 10 web hacking techniques of 2021 Feb 9, 2022
• CVE-2022-21703: cross-origin request forgery against Grafana Feb 8, 2022
• Solving DOM XSS Puzzles Feb 3, 2022
• Meg – Hacker Tools: Endpoint scan the masses! 👩‍💻 Feb 1, 2022
• EyeWitness – Hacker Tools: Hacking through screenshots 👩‍💻 Jan 11, 2022
• Top 10 web hacking techniques of 2021 - nominations open Jan 5, 2022
• 2Q21: New Year's Reflections Dec 31, 2021
• uBlock, I exfiltrate: exploiting ad blockers with CSS Dec 6, 2021
• The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k Nov 26, 2021
• GoSpider – Hacker Tools: Enumerate the web! 👩‍💻 Nov 23, 2021
• All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646) Oct 22, 2021
• Creating a 3D world in pure CSS Oct 13, 2021
• Abusing Slack's file-sharing functionality to de-anonymise fellow workspace members Oct 12, 2021
• CRLFuzz – Hacker Tools: Injecting CRLF for bounties 👩‍💻 Oct 5, 2021
• Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Sep 29, 2021
• Multiple bugs allowed malicious Android Applications to takeover Facebook/Workplace accounts Sep 29, 2021
• All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035) Sep 29, 2021
• Waybackurls – Hacker Tools: Time-traveling for bounties 👩‍💻 Sep 24, 2021
• Hunting nonce-based CSP bypasses with dynamic analysis Sep 17, 2021
• Down the Rabbit Hole: Unusual Applications of OpenAI in Cybersecurity Tooling Sep 17, 2021
• Dalfox – Hacker Tools: XSS Scanning Made Easy 👩‍💻 Sep 14, 2021
• KiteRunner – Hacker Tools: Next-level API hacking 👩‍💻 Sep 7, 2021
• More secure Facebook Canvas : Tale of $126k worth of bugs that lead to Facebook Account Takeovers Sep 3, 2021
• 👩‍💻 Hacker Tools: WPScan – Your WordPress isn’t safe! Aug 31, 2021
• HTTP/2: The Sequel is Always Worse Aug 5, 2021
• How to achieve enterprise-grade attack-surface monitoring with open source software Jul 21, 2021
• A hackers perspective on bug bounty triage Jul 21, 2021
• alert() is dead, long live print() Jul 2, 2021
• Finding DOM Polyglot XSS in PayPal the Easy Way Jun 30, 2021
• Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) Jun 29, 2021
• Oversightboard.com site-wide CSRF due to missing checking Jun 27, 2021
• Disclose unconfirmed email/phone of a Facebook user Jun 27, 2021
• Disclose unconfirmed email/phone of a Facebook user Jun 27, 2021
• ROP and Roll: EXP-301 Offensive Security Exploit Developer (OSED) Review and Exam Jun 23, 2021
• A hackers perspective on bug bounty triage Jun 21, 2021
• Hacking, ethics, inner conflict: Are we on the brink of a Hacktivism revival? Jun 8, 2021
• List of Cybersecurity Subreddits May 27, 2021
• Life's a Peach (Fuzzer): How to Build and Use GitLab's Open-Source Protocol Fuzzer May 22, 2021
• Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps May 20, 2021
• Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps May 20, 2021
• How to hack your ex-girlfriend’s Facebook account May 20, 2021
• Why I Quit My Job at Bugcrowd May 5, 2021
• nOtWASP bottom 10: vulnerabilities that make you cry Apr 1, 2021
• Hidden OAuth attack vectors Mar 24, 2021
• Introducing Haktrails: A Small CLI Tool Harnessing the Power of SecurityTrails Mar 17, 2021
• Offensive Security Experienced Penetration Tester (OSEP) Review and Exam Mar 11, 2021
• Subdomain takeover: ignore this vulnerability at your peril Feb 12, 2021
• Applying Offensive Reverse Engineering to Facebook Gameroom Feb 2, 2021
• The great SameSite confusion Jan 29, 2021
• A Glossary of Blind SSRF Chains Jan 14, 2021
• Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge Dec 23, 2020
• Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge Dec 23, 2020
• Hacking Chess.com and Accessing 50 Million Customer Records Dec 16, 2020
• Imposter Alert: Extracting and Reversing Metasploit Payloads (Flare-On 2020 Challenge 7) Dec 3, 2020
• We Hacked Apple for 3 Months: Here’s What We Found Oct 7, 2020
• Finding Hidden Files and Folders on IIS using BigQuery Sep 18, 2020
• Beat The Clock: The CSIT InfoSecurity Challenge Sep 18, 2020
• Hacking on Bug Bounties for Four Years Sep 15, 2020
• Perspective is Everything Aug 28, 2020
• Open Sesame: Escalating Open Redirect to RCE with Electron Code Review Aug 14, 2020
• Protecting your apps from link-based vulnerabilities: reverse tabnabbing, broken-link hijacking, and open redirects Jul 29, 2020
• A glimpse at parametric polymorphism in Go: designing a generic bidirectional map Jul 21, 2020
• Leveraging an SSRF to leak a secret API key Jun 22, 2020
• Hacking Starbucks and Accessing Nearly 100 Million Customer Records Jun 20, 2020
• Chaining an IDOR with a business-logic error to achieve critical impact May 26, 2020
• Closing the Loop: Practical Attacks and Defences for GraphQL APIs May 15, 2020
• Don't Force Yourself to Become a Bug Bounty Hunter May 11, 2020
• Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts Apr 19, 2020
• Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements Apr 5, 2020
• Plugging Git leaks: preventing and fixing information exposure in repositories Feb 26, 2020
• A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell Feb 18, 2020
• Expanding the Attack Surface: React Native Android Applications Feb 1, 2020
• Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2 Jan 12, 2020
• Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps Dec 29, 2019
• From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 Dec 15, 2019
• Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty Nov 1, 2019
• Analysis of CVE-2019-14994 - Jira Service Desk Path Traversal leads to Massive Information Disclosure Sep 26, 2019
• Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program Jul 14, 2019
• Discovering a zero day and getting code execution on Mozilla's AWS Network May 19, 2019
• Summary of dotGo 2019 Apr 11, 2019
• Discovering a zero day and getting code execution on Mozilla's AWS Network Mar 19, 2019
• Gaining access to Uber's user data through AMPScript evaluation Jan 14, 2019
• Reading ASP secrets for $17,000 Dec 17, 2018
• Access control in Go: a primer for Java developers Aug 22, 2018
• Defer: sweet, but no syntactic sugar Aug 15, 2018
• The $12,000 Intersection between Clickjacking, XSS, and Denial of Service Jul 4, 2018
• Hacking a Massive Steam Scamming and Phishing Operation for Fun and Profit May 9, 2018
• Exploiting Directory Traversal to View Customer Credit Card Information on Yahoo's Small Business Platform Nov 10, 2017
• How I gained access to chef, docker, AWS, and MongoDB instances in a single request Aug 3, 2017
• Permanent account takeover on Yahoo's Small Business platform Jun 25, 2017
• How I could've taken over the production server of a Yahoo acquisition through command injection Jun 4, 2017
• Eradicating image authentication injection from the entire internet May 10, 2017
• How I stole the identity of every Yahoo user May 9, 2017
• High frequency security bug hunting: 120 days, 120 bugs Jul 29, 2016
• High frequency security bug hunting: 120 days, 120 bugs Jun 29, 2016
• Using ngrok to proxy internal servers in restrictive environments Nov 18, 2015
• Abusing URL Shortners to discover sensitive resources or assets Sep 22, 2015
• Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions Jul 16, 2015
• Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions Jun 15, 2015
• Security for young people in Australia May 13, 2015
• Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144) Feb 7, 2015