https://0x01.pages.dev/posts/exploiting_markdown_syntax_and_telescope_persistent_xss_through_markdown_(cve-2014-5144)/ 2015-02-07T00:00:00+00:00 https://0x01.pages.dev/posts/security_for_young_people_in_australia/ 2015-05-13T00:00:00+00:00 https://0x01.pages.dev/posts/enumerating_ips_in_x-forwarded-headers_to_bypass_403_restrictions/ 2015-06-15T00:00:00+00:00 https://0x01.pages.dev/posts/enumerating_ips_in_x-forwarded-headers_to_bypass_403_restrictions/ 2015-07-16T00:00:00+00:00 https://0x01.pages.dev/posts/abusing_url_shortners_to_discover_sensitive_resources_or_assets/ 2015-09-22T00:00:00+00:00 https://0x01.pages.dev/posts/using_ngrok_to_proxy_internal_servers_in_restrictive_environments/ 2015-11-18T00:00:00+00:00 https://0x01.pages.dev/posts/high_frequency_security_bug_hunting-_120_days,_120_bugs/ 2016-06-29T00:00:00+00:00 https://0x01.pages.dev/posts/high_frequency_security_bug_hunting-_120_days,_120_bugs/ 2016-07-29T00:00:00+00:00 https://0x01.pages.dev/posts/how_i_stole_the_identity_of_every_yahoo_user/ 2017-05-09T00:00:00+00:00 https://0x01.pages.dev/posts/eradicating_image_authentication_injection_from_the_entire_internet/ 2017-05-10T00:00:00+00:00 https://0x01.pages.dev/posts/how_i_could've_taken_over_the_production_server_of_a_yahoo_acquisition_through_command_injection/ 2017-06-04T00:00:00+00:00 https://0x01.pages.dev/posts/permanent_account_takeover_on_yahoo's_small_business_platform/ 2017-06-25T00:00:00+00:00 https://0x01.pages.dev/posts/how_i_gained_access_to_chef,_docker,_aws,_and_mongodb_instances_in_a_single_request/ 2017-08-03T00:00:00+00:00 https://0x01.pages.dev/posts/exploiting_directory_traversal_to_view_customer_credit_card_information_on_yahoo's_small_business_platform/ 2017-11-10T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_a_massive_steam_scamming_and_phishing_operation_for_fun_and_profit/ 2018-05-09T00:00:00+00:00 https://0x01.pages.dev/posts/the_$12,000_intersection_between_clickjacking,_xss,_and_denial_of_service/ 2018-07-04T00:00:00+00:00 https://0x01.pages.dev/posts/defer-_sweet,_but_no_syntactic_sugar/ 2018-08-15T00:00:00+00:00 https://0x01.pages.dev/posts/access_control_in_go-_a_primer_for_java_developers/ 2018-08-22T00:00:00+00:00 https://0x01.pages.dev/posts/reading_asp_secrets_for_$17,000/ 2018-12-17T00:00:00+00:00 https://0x01.pages.dev/posts/gaining_access_to_uber's_user_data_through_ampscript_evaluation/ 2019-01-14T00:00:00+00:00 https://0x01.pages.dev/posts/discovering_a_zero_day_and_getting_code_execution_on_mozilla's_aws_network/ 2019-03-19T00:00:00+00:00 https://0x01.pages.dev/posts/summary_of_dotgo_2019/ 2019-04-11T00:00:00+00:00 https://0x01.pages.dev/posts/discovering_a_zero_day_and_getting_code_execution_on_mozilla's_aws_network/ 2019-05-19T00:00:00+00:00 https://0x01.pages.dev/posts/cracking_my_windshield_and_earning_$10,000_on_the_tesla_bug_bounty_program/ 2019-07-14T00:00:00+00:00 https://0x01.pages.dev/posts/analysis_of_cve-2019-14994_-_jira_service_desk_path_traversal_leads_to_massive_information_disclosure/ 2019-09-26T00:00:00+00:00 https://0x01.pages.dev/posts/filling_in_the_blanks-_exploiting_null_byte_buffer_overflow_for_a_$40,000_bounty/ 2019-11-01T00:00:00+00:00 https://0x01.pages.dev/posts/from_checkra1n_to_frida-_ios_app_pentesting_quickstart_on_ios_13/ 2019-12-15T00:00:00+00:00 https://0x01.pages.dev/posts/low-hanging_apples-_hunting_credentials_and_secrets_in_ios_apps/ 2019-12-29T00:00:00+00:00 https://0x01.pages.dev/posts/remote_code_execution_in_three_acts-_chaining_exposed_actuators_and_h2_database_aliases_in_spring_boot_2/ 2020-01-12T00:00:00+00:00 https://0x01.pages.dev/posts/expanding_the_attack_surface-_react_native_android_applications/ 2020-02-01T00:00:00+00:00 https://0x01.pages.dev/posts/a_tale_of_two_formats-_exploiting_insecure_xml_and_zip_file_parsers_to_create_a_web_shell/ 2020-02-18T00:00:00+00:00 https://0x01.pages.dev/posts/plugging_git_leaks-_preventing_and_fixing_information_exposure_in_repositories/ 2020-02-26T00:00:00+00:00 https://0x01.pages.dev/posts/same_same_but_different-_discovering_sql_injections_incrementally_with_isomorphic_sql_statements/ 2020-04-05T00:00:00+00:00 https://0x01.pages.dev/posts/abusing_http_path_normalization_and_cache_poisoning_to_steal_rocket_league_accounts/ 2020-04-19T00:00:00+00:00 https://0x01.pages.dev/posts/don't_force_yourself_to_become_a_bug_bounty_hunter/ 2020-05-11T00:00:00+00:00 https://0x01.pages.dev/posts/closing_the_loop-_practical_attacks_and_defences_for_graphql_apis/ 2020-05-15T00:00:00+00:00 https://0x01.pages.dev/posts/chaining_an_idor_with_a_business-logic_error_to_achieve_critical_impact/ 2020-05-26T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_starbucks_and_accessing_nearly_100_million_customer_records/ 2020-06-20T00:00:00+00:00 https://0x01.pages.dev/posts/leveraging_an_ssrf_to_leak_a_secret_api_key/ 2020-06-22T00:00:00+00:00 https://0x01.pages.dev/posts/a_glimpse_at_parametric_polymorphism_in_go-_designing_a_generic_bidirectional_map/ 2020-07-21T00:00:00+00:00 https://0x01.pages.dev/posts/protecting_your_apps_from_link-based_vulnerabilities-_reverse_tabnabbing,_broken-link_hijacking,_and_open_redirects/ 2020-07-29T00:00:00+00:00 https://0x01.pages.dev/posts/open_sesame-_escalating_open_redirect_to_rce_with_electron_code_review/ 2020-08-14T00:00:00+00:00 https://0x01.pages.dev/posts/perspective_is_everything/ 2020-08-28T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_on_bug_bounties_for_four_years/ 2020-09-15T00:00:00+00:00 https://0x01.pages.dev/posts/beat_the_clock-_the_csit_infosecurity_challenge/ 2020-09-18T00:00:00+00:00 https://0x01.pages.dev/posts/finding_hidden_files_and_folders_on_iis_using_bigquery/ 2020-09-18T00:00:00+00:00 https://0x01.pages.dev/posts/we_hacked_apple_for_3_months-_here-s_what_we_found/ 2020-10-07T00:00:00+00:00 https://0x01.pages.dev/posts/imposter_alert-_extracting_and_reversing_metasploit_payloads_(flare-on_2020_challenge_7)/ 2020-12-03T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_chess.com_and_accessing_50_million_customer_records/ 2020-12-16T00:00:00+00:00 https://0x01.pages.dev/posts/supply_chain_pollution-_hunting_a_16_million_download&week_npm_package_vulnerability_for_a_ctf_challenge/ 2020-12-23T00:00:00+00:00 https://0x01.pages.dev/posts/supply_chain_pollution-_hunting_a_16_million_download_&_week_npm_package_vulnerability_for_a_ctf_challenge/ 2020-12-23T00:00:00+00:00 https://0x01.pages.dev/posts/a_glossary_of_blind_ssrf_chains/ 2021-01-14T00:00:00+00:00 https://0x01.pages.dev/posts/the_great_samesite_confusion/ 2021-01-29T00:00:00+00:00 https://0x01.pages.dev/posts/applying_offensive_reverse_engineering_to_facebook_gameroom/ 2021-02-02T00:00:00+00:00 https://0x01.pages.dev/posts/subdomain_takeover-_ignore_this_vulnerability_at_your_peril/ 2021-02-12T00:00:00+00:00 https://0x01.pages.dev/posts/offensive_security_experienced_penetration_tester_(osep)_review_and_exam/ 2021-03-11T00:00:00+00:00 https://0x01.pages.dev/posts/introducing_haktrails-_a_small_cli_tool_harnessing_the_power_of_securitytrails/ 2021-03-17T00:00:00+00:00 https://0x01.pages.dev/posts/hidden_oauth_attack_vectors/ 2021-03-24T00:00:00+00:00 https://0x01.pages.dev/posts/notwasp_bottom_10-_vulnerabilities_that_make_you_cry/ 2021-04-01T00:00:00+00:00 https://0x01.pages.dev/posts/why_i_quit_my_job_at_bugcrowd/ 2021-05-05T00:00:00+00:00 https://0x01.pages.dev/posts/how_to_hack_your_ex-girlfriend-s_facebook_account/ 2021-05-20T00:00:00+00:00 https://0x01.pages.dev/posts/oculus_sso_-account_linking-_bug_leads_to_account_takeover_on_third_party_websites_and_inside_vr_games&apps/ 2021-05-20T00:00:00+00:00 https://0x01.pages.dev/posts/oculus_sso_-account_linking-_bug_leads_to_account_takeover_on_third_party_websites_and_inside_vr_games_&_apps/ 2021-05-20T00:00:00+00:00 https://0x01.pages.dev/posts/life's_a_peach_(fuzzer)-_how_to_build_and_use_gitlab's_open-source_protocol_fuzzer/ 2021-05-22T00:00:00+00:00 https://0x01.pages.dev/posts/list_of_cybersecurity_subreddits/ 2021-05-27T00:00:00+00:00 https://0x01.pages.dev/posts/hacking,_ethics,_inner_conflict-_are_we_on_the_brink_of_a_hacktivism_revival/ 2021-06-08T00:00:00+00:00 https://0x01.pages.dev/posts/a_hackers_perspective_on_bug_bounty_triage/ 2021-06-21T00:00:00+00:00 https://0x01.pages.dev/posts/rop_and_roll-_exp-301_offensive_security_exploit_developer_(osed)_review_and_exam/ 2021-06-23T00:00:00+00:00 https://0x01.pages.dev/posts/disclose_unconfirmed_email&phone_of_a_facebook_user/ 2021-06-27T00:00:00+00:00 https://0x01.pages.dev/posts/disclose_unconfirmed_email_&_phone_of_a_facebook_user/ 2021-06-27T00:00:00+00:00 https://0x01.pages.dev/posts/oversightboard.com_site-wide_csrf_due_to_missing_checking/ 2021-06-27T00:00:00+00:00 https://0x01.pages.dev/posts/pre-auth_rce_in_forgerock_openam_(cve-2021-35464)/ 2021-06-29T00:00:00+00:00 https://0x01.pages.dev/posts/finding_dom_polyglot_xss_in_paypal_the_easy_way/ 2021-06-30T00:00:00+00:00 https://0x01.pages.dev/posts/alert()_is_dead,_long_live_print()/ 2021-07-02T00:00:00+00:00 https://0x01.pages.dev/posts/a_hackers_perspective_on_bug_bounty_triage/ 2021-07-21T00:00:00+00:00 https://0x01.pages.dev/posts/how_to_achieve_enterprise-grade_attack-surface_monitoring_with_open_source_software/ 2021-07-21T00:00:00+00:00 https://0x01.pages.dev/posts/http_&_2-_the_sequel_is_always_worse/ 2021-08-05T00:00:00+00:00 https://0x01.pages.dev/posts/_hacker_tools-_wpscan_-_your_wordpress_isn-t_safe!/ 2021-08-31T00:00:00+00:00 https://0x01.pages.dev/posts/more_secure_facebook_canvas_-_tale_of_$126k_worth_of_bugs_that_lead_to_facebook_account_takeovers/ 2021-09-03T00:00:00+00:00 https://0x01.pages.dev/posts/kiterunner_-_hacker_tools-_next-level_api_hacking_/ 2021-09-07T00:00:00+00:00 https://0x01.pages.dev/posts/dalfox_-_hacker_tools-_xss_scanning_made_easy_/ 2021-09-14T00:00:00+00:00 https://0x01.pages.dev/posts/down_the_rabbit_hole-_unusual_applications_of_openai_in_cybersecurity_tooling/ 2021-09-17T00:00:00+00:00 https://0x01.pages.dev/posts/hunting_nonce-based_csp_bypasses_with_dynamic_analysis/ 2021-09-17T00:00:00+00:00 https://0x01.pages.dev/posts/waybackurls_-_hacker_tools-_time-traveling_for_bounties_/ 2021-09-24T00:00:00+00:00 https://0x01.pages.dev/posts/all_your_(d)base_are_belong_to_us,_part_1-_code_execution_in_apache_openoffice_(cve-2021-33035)/ 2021-09-29T00:00:00+00:00 https://0x01.pages.dev/posts/multiple_bugs_allowed_malicious_android_applications_to_takeover_facebook&workplace_accounts/ 2021-09-29T00:00:00+00:00 https://0x01.pages.dev/posts/multiple_bugs_allowed_malicious_android_applications_to_takeover_facebook_&_workplace_accounts/ 2021-09-29T00:00:00+00:00 https://0x01.pages.dev/posts/crlfuzz_-_hacker_tools-__injecting_crlf_for_bounties_/ 2021-10-05T00:00:00+00:00 https://0x01.pages.dev/posts/abusing_slack's_file-sharing_functionality_to_de-anonymise_fellow_workspace_members/ 2021-10-12T00:00:00+00:00 https://0x01.pages.dev/posts/creating_a_3d_world_in_pure_css/ 2021-10-13T00:00:00+00:00 https://0x01.pages.dev/posts/all_your_(d)base_are_belong_to_us,_part_2-_code_execution_in_microsoft_office_(cve-2021-38646)/ 2021-10-22T00:00:00+00:00 https://0x01.pages.dev/posts/gospider_-_hacker_tools-__enumerate_the_web!_/ 2021-11-23T00:00:00+00:00 https://0x01.pages.dev/posts/the_infosecurity_challenge_2021_full_writeup-_battle_royale_for_$30k/ 2021-11-26T00:00:00+00:00 https://0x01.pages.dev/posts/ublock,_i_exfiltrate-_exploiting_ad_blockers_with_css/ 2021-12-06T00:00:00+00:00 https://0x01.pages.dev/posts/2q21-_new_year's_reflections/ 2021-12-31T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2021_-_nominations_open/ 2022-01-05T00:00:00+00:00 https://0x01.pages.dev/posts/eyewitness_-_hacker_tools-__hacking_through_screenshots_/ 2022-01-11T00:00:00+00:00 https://0x01.pages.dev/posts/meg_-_hacker_tools-_endpoint_scan_the_masses!_/ 2022-02-01T00:00:00+00:00 https://0x01.pages.dev/posts/solving_dom_xss_puzzles/ 2022-02-03T00:00:00+00:00 https://0x01.pages.dev/posts/cve-2022-21703-_cross-origin_request_forgery_against_grafana/ 2022-02-08T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2021/ 2022-02-09T00:00:00+00:00 https://0x01.pages.dev/posts/turbo_intruder_-_hacker_tools-_going_faster_than_ever!_/ 2022-03-01T00:00:00+00:00 https://0x01.pages.dev/posts/more_secure_facebook_canvas_part_2-_more_account_takeovers/ 2022-03-04T00:00:00+00:00 https://0x01.pages.dev/posts/remote_code_execution_vs._remote_command_execution_vs._code_injection_vs._command_injection_vs._rce/ 2022-04-02T00:00:00+00:00 https://0x01.pages.dev/posts/new_xss_vectors/ 2022-04-20T00:00:00+00:00 https://0x01.pages.dev/posts/hunting_evasive_vulnerabilities/ 2022-05-13T00:00:00+00:00 https://0x01.pages.dev/posts/multiple_bugs_chained_to_takeover_facebook_accounts_which_uses_gmail/ 2022-05-14T00:00:00+00:00 https://0x01.pages.dev/posts/bypassing_csp_with_dangling_iframes/ 2022-06-14T00:00:00+00:00 https://0x01.pages.dev/posts/embedding_payloads_and_bypassing_controls_in_microsoft_infopath/ 2022-06-18T00:00:00+00:00 https://0x01.pages.dev/posts/the_ugly_side_of_collaboration_in_bug_bounties/ 2022-06-18T00:00:00+00:00 https://0x01.pages.dev/posts/the_ugly_side_of_collaboration_in_bug_bounties/ 2022-06-21T00:00:00+00:00 https://0x01.pages.dev/posts/widespread_prototype_pollution_gadgets/ 2022-06-22T00:00:00+00:00 https://0x01.pages.dev/posts/bypassing_firefox's_html_sanitizer_api/ 2022-06-29T00:00:00+00:00 https://0x01.pages.dev/posts/framing_without_iframes/ 2022-07-27T00:00:00+00:00 https://0x01.pages.dev/posts/scraping_the_bottom_of_the_cors_barrel_(part_1)/ 2022-08-04T00:00:00+00:00 https://0x01.pages.dev/posts/browser-powered_desync_attacks-_a_new_frontier_in_http_request_smuggling/ 2022-08-10T00:00:00+00:00 https://0x01.pages.dev/posts/you_have_one_new_appwntment-_exploiting_icalendar_properties_in_enterprise_applications/ 2022-08-18T00:00:00+00:00 https://0x01.pages.dev/posts/exploiting_improper_validation_of_amazon_simple_notification_service_signingcerturl/ 2022-08-29T00:00:00+00:00 https://0x01.pages.dev/posts/using_hackability_to_uncover_a_chrome_infoleak/ 2022-09-01T00:00:00+00:00 https://0x01.pages.dev/posts/how_to_turn_security_research_into_profit-_a_cl.0_case_study/ 2022-09-06T00:00:00+00:00 https://0x01.pages.dev/posts/existence_oracle_for_secure_cookies_on_insecure_web_origins/ 2022-09-12T00:00:00+00:00 https://0x01.pages.dev/posts/the_seventh_way_to_call_a_javascript_function_without_parentheses/ 2022-09-12T00:00:00+00:00 https://0x01.pages.dev/posts/challendar-_creating_a_challenge_for_the_infosecurity_challenge_2022/ 2022-09-19T00:00:00+00:00 https://0x01.pages.dev/posts/exploiting_web3's_hidden_attack_surface-_universal_xss_on_netlify's_next.js_library/ 2022-09-21T00:00:00+00:00 https://0x01.pages.dev/posts/making_http_header_injection_critical_via_response_queue_poisoning/ 2022-09-22T00:00:00+00:00 https://0x01.pages.dev/posts/our_favourite_community_contributions_to_the_xss_cheat_sheet/ 2022-10-03T00:00:00+00:00 https://0x01.pages.dev/posts/http_&_3_connection_contamination-_an_upcoming_threat/ 2022-10-19T00:00:00+00:00 https://0x01.pages.dev/posts/safari_is_hot-linking_images_to_semi-random_websites/ 2022-10-31T00:00:00+00:00 https://0x01.pages.dev/posts/detecting_web_message_misconfigurations_for_cross-domain_credential_theft/ 2022-11-09T00:00:00+00:00 https://0x01.pages.dev/posts/stealing_passwords_from_infosec_mastodon_-_without_bypassing_csp/ 2022-11-15T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bounty_calculator_-_crunch_the_numbers_and_optimize_your_vdp/ 2022-11-17T00:00:00+00:00 https://0x01.pages.dev/posts/so,_you_want_to_get_into_bug_bounties/ 2022-11-26T00:00:00+00:00 https://0x01.pages.dev/posts/hijacking_service_workers_via_dom_clobbering/ 2022-11-29T00:00:00+00:00 https://0x01.pages.dev/posts/i_hope_this_sticks-_analyzing_clipboardevent_listeners_for_stored_xss/ 2022-12-17T00:00:00+00:00 https://0x01.pages.dev/posts/web_hackers_vs._the_auto_industry-_critical_vulnerabilities_in_ferrari,_bmw,_rolls_royce,_porsche,_and_more/ 2023-01-03T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2022_-_nominations_open/ 2023-01-04T00:00:00+00:00 https://0x01.pages.dev/posts/account_takeover_in_canvas_apps_served_in_comet_due_to_failure_in_cross-window-message_origin_validation/ 2023-01-29T00:00:00+00:00 https://0x01.pages.dev/posts/account_takeover_of_facebook&oculus_accounts_due_to_first-party_access_token_stealing/ 2023-01-29T00:00:00+00:00 https://0x01.pages.dev/posts/account_takeover_of_facebook_&_oculus_accounts_due_to_first-party_access_token_stealing/ 2023-01-29T00:00:00+00:00 https://0x01.pages.dev/posts/dom-xss_in_instant_games_due_to_improper_verification_of_supplied_urls/ 2023-01-29T00:00:00+00:00 https://0x01.pages.dev/posts/fearless_cors-_a_design_philosophy_for_cors_middleware_libraries_(and_a_go_implementation)/ 2023-02-08T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2022/ 2023-02-08T00:00:00+00:00 https://0x01.pages.dev/posts/server-side_prototype_pollution-_black-box_detection_without_the_dos/ 2023-02-15T00:00:00+00:00 https://0x01.pages.dev/posts/exploiting_prototype_pollution_in_node_without_the_filesystem/ 2023-03-23T00:00:00+00:00 https://0x01.pages.dev/posts/the_curl_quirk_that_exposed_burp_suite_&_google_chrome/ 2023-03-28T00:00:00+00:00 https://0x01.pages.dev/posts/rule_writing_for_codeql_and_semgrep/ 2023-04-08T00:00:00+00:00 https://0x01.pages.dev/posts/ambushed_by_angularjs-_a_hidden_csp_bypass_in_piwik_pro/ 2023-04-28T00:00:00+00:00 https://0x01.pages.dev/posts/a_smorgasbord_of_a_bug_chain-_postmessage,_jsonp,_waf_bypass,_dom-based_xss,_cors,_csrf/ 2023-05-05T00:00:00+00:00 https://0x01.pages.dev/posts/bypassing_csp_via_dom_clobbering/ 2023-06-05T00:00:00+00:00 https://0x01.pages.dev/posts/how_i_choose_a_security_research_topic/ 2023-06-14T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-204_-_everything_you_missed_from_nahamcon/ 2023-06-21T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-205_-_live_hacking,_ai_hacking_and_helicopter_hacking/ 2023-06-28T00:00:00+00:00 https://0x01.pages.dev/posts/reversing_citrix_gateway_for_xss/ 2023-06-29T00:00:00+00:00 https://0x01.pages.dev/posts/10_tips_for_crushing_bug_bounties/ 2023-07-02T00:00:00+00:00 https://0x01.pages.dev/posts/advisory-_sharefile_pre-auth_rce_(cve-2023-24489)/ 2023-07-03T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-66-_citrix_gateaway-xss,_web_cache_deception,_dns_analyzer,_ato_to_xss_in_garphql_api,_aws_s3_bucket_leaks,_$250k_coinbase_api_hack_and_many_more/ 2023-07-03T00:00:00+00:00 https://0x01.pages.dev/posts/encrypted_doesn't_mean_authenticated-_sharefile_rce_(cve-2023-24489)/ 2023-07-04T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-206_-_citrix_more_like_crit-trix_amiright/ 2023-07-05T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-67-_joining_google_as_red_teamer,_finding_100_vulnerabilities,_tale_of_dom-xss,_impactful_ssrf,_busting_fake_privacy_policy_and_many_more/ 2023-07-10T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-207_-iis,_llms_and_ios/ 2023-07-11T00:00:00+00:00 https://0x01.pages.dev/posts/exploiting_xss_in_hidden_inputs_and_meta_tags/ 2023-07-11T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-68-_account_takeover_using_custom_otp,_cve-2023-36934,_investigating_ec2_,_xss_in_hidden_inputs_,_macos_user's_real_name_brute-forced_with_mdns_and_many_more/ 2023-07-17T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-208_-_burp_gets_an_update,_sharefile_gets_a_cve_and_javascript_files_get_analysed/ 2023-07-19T00:00:00+00:00 https://0x01.pages.dev/posts/advisory-_metabase_pre-auth_rce_(cve-2023-38646)/ 2023-07-21T00:00:00+00:00 https://0x01.pages.dev/posts/analysis_of_cve-2023-3519_in_citrix_adc_and_netscaler_gateway/ 2023-07-21T00:00:00+00:00 https://0x01.pages.dev/posts/chaining_our_way_to_pre-auth_rce_in_metabase_(cve-2023-38646)/ 2023-07-22T00:00:00+00:00 https://0x01.pages.dev/posts/analysis_of_cve-2023-3519_in_citrix_adc_and_netscaler_gateway_(part_2)/ 2023-07-24T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-69-_openssh_rce,_xamarin_applications_reverse_engineering,_puzzled_xss,_cve-2023-3519_analysis,_xss_and_cors_bypass_and_many_more/ 2023-07-24T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-70-_nft_bridge_vulnerability,_cve-2023-3519_deep_analysis,_rce_in_huawei_theme_manager,_preauth_rce_in_metabase,_chaining_bugs_for_session_hijack_and_many_more/ 2023-07-31T00:00:00+00:00 https://0x01.pages.dev/posts/leaked_secrets_and_unlimited_miles-_hacking_the_largest_airline_and_hotel_rewards_platform/ 2023-08-03T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-71-_introduction_to_ad_pentesting,_xss_via_exported_activity,_using_hotw_to_leak_csrf_token,_full_access_to_airline_points,_ssrfs_and_many_more/ 2023-08-07T00:00:00+00:00 https://0x01.pages.dev/posts/finding_and_exploiting_citrix_netscaler_buffer_overflow_(cve-2023-3519)_(part_3)/ 2023-08-08T00:00:00+00:00 https://0x01.pages.dev/posts/smashing_the_state_machine-_the_true_potential_of_web_race_conditions/ 2023-08-09T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-72-_graphql_hacking,_sso_vulnerabilities,_race_condition_vulnerabilities,_sqlmap_&_server_side_request_forgery_tips,_sandwich_attack_and_many_more/ 2023-08-14T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-73-_ato_in_shopify_stores,_cve-2023-36809,_risks_in_cross-chain_bridges,_bypassing_firewalls,_hacking_ios_apps,_uncovering_zenbleed_and_many_more/ 2023-08-21T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-209_-_the_only_graphql_wordlist_you_need,_ml_bug_hunting_and_vdp_submissions/ 2023-08-23T00:00:00+00:00 https://0x01.pages.dev/posts/advisory-_flarum_lfi_-_cve-2023-40033/ 2023-08-27T00:00:00+00:00 https://0x01.pages.dev/posts/leaking_file_contents_with_a_blind_file_oracle_in_flarum/ 2023-08-27T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-74-_rce_through_dependency_confusion,_2fa_bypass_in_meta,_client_side_prototype_pollution_and_its_prevention,_paywall_bypass,_ssrf_tricks_and_many_more/ 2023-08-28T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-75-_privilege_escalation_by_request_manipulation,_pii_disclosure_by_manipulating_parameters,_pii_leak_using_misconfigured_api,_crlf_to_xss,_blind_ssrf_with_out-of-band_detection_and_many_more/ 2023-09-04T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-210_-_zenbleed,_interview_questions,_challenge_coins_and_sql_injections/ 2023-09-06T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-76-_android_native_libraries,_proton_mail-s_security,_source_code_&_secrets_exposed_on_top_websites,_zero_click_mass_ato,_csp_protection_bypass_on_google,_hacking_online_casino_and_many_more/ 2023-09-11T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-211_-_hacking_casinos,_microsoft-s_key_mishap,_read_the_docs_and_imagemagick_strikes_again/ 2023-09-13T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-77-_azure_ad_privilege_escalation,_cve-2022-3910,_web_cache_deception_attack,_graphql_enumeration_techniques,_idor_and_many_more/ 2023-09-18T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-78-_oauth_misconfiguration,_account_takeover,_virtual_hosts,_sql_injection,_hacker_tweets,_advanced_root_detection_bypass_techniques_and_many_more/ 2023-09-25T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-212_-_xss_payloads,_idor_prediction_and_cloud_security/ 2023-09-27T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-79-_rce_in_google_chrome,_cve-2023-40044,_oidc_misconfiguration_to_ato,_accessing_millions_of_call_recordings_and_many_more/ 2023-10-02T00:00:00+00:00 https://0x01.pages.dev/posts/how_to_build_custom_scanners_for_web_security_research_automation/ 2023-10-03T00:00:00+00:00 https://0x01.pages.dev/posts/rce_in_progress_ws_ftp_ad_hoc_via_iis_http_modules_(cve-2023-40044)/ 2023-10-03T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-213_-_hacking_a_prison,_xss_on_steroids,_caido_free_for_students_and_bogus_cves/ 2023-10-04T00:00:00+00:00 https://0x01.pages.dev/posts/cybersecurity_is_lost-_the_story_of_the_man_in_the_van/ 2023-10-06T00:00:00+00:00 https://0x01.pages.dev/posts/passing_the_new_osee_exam_after_forgetting_everything/ 2023-10-07T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-80-_broken_access_control,_xss_basics,_graphql_introspection_query,_rce_vulnerabilities,_xss_challenge,_scanners_for_web_security_research_and_many_more_/ 2023-10-09T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-81-_chrome_sop_bypass,_unauthorized_access_to_admin_panel,_access_to_instagram-s_private_posts,_looney_tunable_linux_privilege_escalation_-cve-2023-4911-,_nosql_injections_and_many_more/ 2023-10-16T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-214_-_we_launch_a_course,_bug_hunters_go_full_time_and_the_$20k_bug/ 2023-10-17T00:00:00+00:00 https://0x01.pages.dev/posts/the_single-packet_attack-_making_remote_race-conditions_'local'/ 2023-10-18T00:00:00+00:00 https://0x01.pages.dev/posts/citrix_bleed-_leaking_session_tokens_with_cve-2023-4966/ 2023-10-23T00:00:00+00:00 https://0x01.pages.dev/posts/people_who_say_-php_is_insecure-_are_uninformed/ 2023-10-23T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-82-_single_packet_attack,_nuclei_v3,_dom_xss,_idor_insights,_bypassing_csp,_ai_&_hacking,_android_app_hacking_and_many_more/ 2023-10-23T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-215_-_hackers_in_lisbon,_ai_bug_bounty_and_is_this_the_end/ 2023-10-25T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-83-_cve-2023-4966,_address_bar_spoofing,_sqli_to_ntlm,_okta_breach,_upi_security,_pii_via_frontend_authentication_redirects_and_many_more/ 2023-10-30T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_hp_display_monitors_via_monitor_control_command_set_(cve-2023-5449)/ 2023-10-31T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-216_-_sql_injections,_android_xss_and_writing_quality_reports/ 2023-11-02T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-84-_dom-based_race_condition,_bypassing_android_debug_and_root_detection,_f5-big-ip_cve-2023-46747,_sql_injection_on_admin_login_,_hacking_hp_monitor_display,_analyzing_metamask_snaps_and_many_more/ 2023-11-06T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-85-_lfi_to_rce,_dos_bugs,_rxss_on_microsoft,_race_conditions,_finding_leaked_tokens,_bypassing_url_parsers_and_many_more/ 2023-11-13T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-86-_cve-2023-46729,_hacked_google-s_bug_tracking_system,_outsmarting_ai_models,_sandbox_escaping,_self-redirect_to_xss,_critical_0-day_xxe_to_ssrf_and_many_more/ 2023-11-20T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-217_-_how_to_submit_vulnerabilities,_writing_a_great_writeup_and_2_years_of_bug_bounty/ 2023-11-22T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-87-_okta_for_red_teamers,_hijacking_oauth,_account_hijacking_via_invite_flows,_full_time_bug_bounty_hunting,_unpredictable_ids_in_idor_and_many_more/ 2023-11-27T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-88-_process_injection,_race_condition,_clrf_to_xss_in_snapchat,_active_directory_guide,_main_app_hacking_methodology,_csp_research,_cors_misconfigurations_and_many_more/ 2023-12-04T00:00:00+00:00 https://0x01.pages.dev/posts/blind_css_exfiltration-_exfiltrate_unknown_web_pages/ 2023-12-05T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bytes_-218_-_advent_of_cyber,_rces_and_hacking_poems/ 2023-12-05T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-89-_business_logic_vulnerability,_dns_poisoning,_xss_exploitation_to_steal_credentials,_payment_processor_hacking,_second_order_sql_injections,_blind_css_exfiltration,_symfony_exploits_and_many_more/ 2023-12-11T00:00:00+00:00 https://0x01.pages.dev/posts/finding_that_one_weird_endpoint,_with_bambdas/ 2023-12-12T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-90-_django_debug_mode,_attacking_the_rsync_service,_dom_xss_to_stored_xss,_cve-2022-2216,_hacking_aws_&_kubernetes,_twitter-s_xss_+_csrf_leads_to_account_takeover_and_many_more/ 2023-12-18T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-91-_hacking_adobe_for_$50k,_google_oauth_hack,_ssti,_self_xss_to_stored_xss,_jsluice_tips,_dealing_with_burnout,_sql_injection_worth_$4k_and_many_more/ 2023-12-25T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-92-_hacking_adobe_for_$50k,_google_oauth_hack,_ssti,_self_xss_to_stored_xss,_jsluice_tips,_dealing_with_burnout,_sql_injection_worth_$4k_and_many_more/ 2023-12-25T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-92-_cloudflare_pages_vulnerabilities_analysis,_cors_cache_exploitation_automating_rtfm_with_chatgpt,_shrewdeye_bash,_xss_to_ato,_bypassing_door_passwords_and_many_more/ 2024-01-08T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2023_-_nominations_open/ 2024-01-09T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-93-_gitlab_critical_fixes,_google_info-stealers,_sandwich_attack,_cve-2023-7028,_idn_homograph_attack,_irisctf24_challenges_and_many_more/ 2024-01-15T00:00:00+00:00 https://0x01.pages.dev/posts/high_signal_detection_and_exploitation_of_ivanti's_pulse_connect_secure_auth_bypass_&_rce/ 2024-01-18T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-94-_2fa_bypass,_decoding_obfuscated_javascript,_exploiting_password_reset_functionality,_aws_s3_bucket_takeover,_invisible_prompt_injections_and_many_more/ 2024-01-22T00:00:00+00:00 https://0x01.pages.dev/posts/hiding_payloads_in_java_source_code_strings/ 2024-01-23T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-95-_from_rook_to_xss,_cve-2023-5480,_response_manipulation_to_privilege_escalation,_top_10_web_hacking_techniques_for_2023,_unicode_escape_handling_in_java_and_many_more/ 2024-01-29T00:00:00+00:00 https://0x01.pages.dev/posts/back_to_the_(clip)board_with_microsoft_whiteboard_and_excalidraw_in_meta_(cve-2023-26140)/ 2024-02-04T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-96-_windows_driver_to_working_edr,_auth-bypass_within_ivanti-s_pulse_connect_secure,_infostealer_malware,_binary_emulation,_google_domain_tier_concepts_and_many_more/ 2024-02-05T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-97-_xss_on_microsoft_whiteboard_and_excalidraw,_chatgpt_account_takeover,_reverse_engineered_esp32-based_air_purifier,_advanced_http_header_exploitation_techniques,_pikabot_malware_analysis_and_many_more/ 2024-02-12T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2023/ 2024-02-19T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-98-_image_to_rce,_mysql_server_access,_hacking_college_website,_rce_on_apple-s_production_server,_web-cache_deception_vulnerability,_github_code_search,_ssrf_on_vercel_and_many_more/ 2024-02-19T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-99-_top_10_hacking_techniques_of_2023,_csp_bypass,_multiple_xss_on_joomla,_xss_on_chatgpt,_meteor_subdomain_takeover,_length_filter_bypass_to_sql_injection,_nomulus_pentest_and_many_more/ 2024-02-26T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-100-server-side_prototype_pollution,_zero-click_ato_exploit,_ssrf_bugs,_grx_interface_address_using_tcp,_graphql_api_schemas,_xss_for_ato,_idor,_unicode_normalization_and_many_more/ 2024-03-04T00:00:00+00:00 https://0x01.pages.dev/posts/using_form_hijacking_to_bypass_csp/ 2024-03-05T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-101-_csp_bypass_using_formaction_attribute,_200_hours_of_hacking_to_$20k,_cve-2024-1403_analysis,_necessity_of_devsecops,_use_of_github_actions_to_bypass_microsoft_entra_smart_lockout_and_many_more/ 2024-03-11T00:00:00+00:00 https://0x01.pages.dev/posts/testing_static_websites_and_uncovering_hidden_security_vulnerabilities/ 2024-03-14T00:00:00+00:00 https://0x01.pages.dev/posts/aggressive_scanning_in_bug_bounty_(and_how_to_avoid_it)/ 2024-03-18T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-102-_raining_rces_on_citrix,_microsoft_outlook_and_fortigate,_security_flaws_in_chatgpt_and_third-party_plugins,_crlf_injection,_and_many_more/ 2024-03-18T00:00:00+00:00 https://0x01.pages.dev/posts/making_desync_attacks_easy_with_trace/ 2024-03-19T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-103-_$35k_bounty,_nuances_of_aggressive_scans,_dll_side-loading,_hacking_3_million_hotel_key_cards,_waf_bypassing_variants_and_many_more/ 2024-03-25T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-104-_clickhouse,_velociraptor,_waf_bypass_techniques,_path_traversal_vulnerabilities,_io_uring_vulnerability_in_ubuntu,_shockwave_attack_surface_management,_.net_remoting_exploits,_github_dorks_and_many_more/ 2024-04-01T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-105-_xz_utils_backdoor,_dompurify_bypass,_secondary_context_bugs,_hacking_isps,_email_verification_bypass,_gesture_jacking_and_many_more/ 2024-04-08T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-106-_hacking_icon_blockchain,_batbadbut_vulnerability,_dom_xss_to_ato,_starbucks_hack,_bypassing_phone_number_verification_and_many_more/ 2024-04-15T00:00:00+00:00 https://0x01.pages.dev/posts/4_bug_bounty_mistakes_and_how_to_avoid_them/ 2024-04-17T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-107-_cve-2024-0333,_$50,000_for_hacking_google_a.i,_auth-bypass_via_response_tampering,_http_request_smuggling_case_study,_telegram_rce_and_many_more/ 2024-04-22T00:00:00+00:00 https://0x01.pages.dev/posts/jub0bs_&_cors-_a_better_cors_middleware_library_for_go/ 2024-04-27T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-108-_postmessage_for_xss,_smart_contract_security,_admin_panel_takeover,_dom-xss_to_ato,_process_injection_with_c,_privilege_escalation_and_many_more_/ 2024-04-29T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-109-_hacking_telegram,_raining_idors_and_bacs,_microsoft_graph_logging_bypass,_htmx_bugs,_wordlist_for_ci_&_cd_hacking_and_many_more/ 2024-05-06T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-110-_github_actions_cache_poisoning,_cve-2024-0200,_relative_path_file_injection,_hacking_apple,_hacking_microsoft's_ai_bot_and_many_more/ 2024-05-13T00:00:00+00:00 https://0x01.pages.dev/posts/reconfigurable_cors_middleware_with_jub0bs_&_cors/ 2024-05-14T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-111-_ssrf_in_nextjs,_blind_ssrf_on_wordpress,_chatgpt_rate_limit_bypass,_idor_at_swiggy_and_many_more/ 2024-05-20T00:00:00+00:00 https://0x01.pages.dev/posts/introducing_signsaboteur-_forge_signed_web_tokens_with_ease/ 2024-05-22T00:00:00+00:00 https://0x01.pages.dev/posts/cache_me_if_you_can-_local_privilege_escalation_in_zscaler_client_connector_(cve-2023-41973)/ 2024-05-27T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-112-_xxe_in_chrome,_sql_injection_cheatsheet,_misconfigurations_in_azure,_hacking_wordpress_plugins,_and_many_more/ 2024-05-27T00:00:00+00:00 https://0x01.pages.dev/posts/bug_bounty_calculator-crunch_the_numbers_and_optimize_your_program/ 2024-05-28T00:00:00+00:00 https://0x01.pages.dev/posts/refining_your_http_perspective,_with_bambdas/ 2024-05-29T00:00:00+00:00 https://0x01.pages.dev/posts/five_easy_ways_to_hack_graphql_targets/ 2024-05-31T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_millions_of_modems_(and_investigating_who_hacked_my_modem)/ 2024-06-03T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-113-_subdomain_takeovers_to_credential_leaks,_stored_xss_to_rce,_vscode_sftp_file_exposure,_$203k_bounties_for_bugs_in_azure_health_bot_and_many_more/ 2024-06-03T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-114-_4-step_bug_hunting_methodology,_cve-2024-4358,_reflector,_bypass_ssl_pinning,_graphql_api_vulnerabilities_and_many_more/ 2024-06-10T00:00:00+00:00 https://0x01.pages.dev/posts/onwebkitplaybacktargetavailabilitychanged-!_new_exotic_events_in_the_xss_cheat_sheet/ 2024-06-11T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-115-_abusing_auto-mail_responders,_$25,000_github_takeover,_ai_in_bug_hunting,_rce_on_tenda_ac8_router,_graphql_hacking_and_many_more/ 2024-06-17T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-116-_github_copilot_prompt_injection,_r2frida_for_ios_runtime_manipulation,_data_exfiltration_from_restricted_environment,_ios_url_scheme_hijacking_and_many_more/ 2024-06-24T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-117-_api_hacking,_hacking_large_corporations,_crushftp_exploit,_nextjs_&_cache_poisoning,_prototype_pollution,_nested_deserialization_and_many_more/ 2024-07-01T00:00:00+00:00 https://0x01.pages.dev/posts/a_hacking_hat-trick-_previewing_three_portswigger_research_publications_coming_to_def_con_&_black_hat_usa/ 2024-07-02T00:00:00+00:00 https://0x01.pages.dev/posts/universal_code_execution_by_chaining_messages_in_browser_extensions/ 2024-07-07T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-118-_server-side_request_forgery,_malware_development,_idor,_match_and_replace,_cache_deception_and_many_more/ 2024-07-08T00:00:00+00:00 https://0x01.pages.dev/posts/fickle_pdfs-_exploiting_browser_rendering_discrepancies/ 2024-07-09T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-119-_universal_code_execution,_evernote_rce,_multiple_servicenow_cves,_escalating_xss_using_password_managers,_dompurify_bug,_css_injections_and_many_more/ 2024-07-15T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-120-_mass_request_smuggling,_1000$_open_redirect,_css_injection,_jupyter_auth_token_leak,_crowdstrike_issue_and_many_more/ 2024-07-22T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-121-_rce_on_kafka_ui,_$2000_bounty,_advanced_sql_injection_techniques,_aws_cognito_misconfigurations,_payment_bypass,_and_many_more/ 2024-07-29T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-122-_ssrf,_password_reset_vulnerability,_xss_in_hotjar,_single-packet_attack,_whatsapp_desktop_code_execution,_business_logic_errors_and_many_more/ 2024-08-05T00:00:00+00:00 https://0x01.pages.dev/posts/listen_to_the_whispers-_web_timing_attacks_that_actually_work/ 2024-08-07T00:00:00+00:00 https://0x01.pages.dev/posts/splitting_the_email_atom-_exploiting_parsers_to_bypass_access_controls/ 2024-08-07T00:00:00+00:00 https://0x01.pages.dev/posts/gotta_cache_'em_all-_bending_the_rules_of_web_cache_exploitation/ 2024-08-08T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-123-_web_timing_attacks,_confusion_attacks,_luci_authdb_leak,_lhes_vs_pwn2owns,_reverse_engineering_101_and_many_more/ 2024-08-12T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-124-_xss_waf_bypass,_google_and_github_dorks,_xss_via_cspt,_bug_hunting_methodology,_and_many_more/ 2024-08-19T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-125-_aws_albeast_vulnerability,_ssrf_bug_in_microsoft-s_copilot_studio,_cache_misconfiguration_exploit,_web_caching,_def_con_32,_game_hacking,_and_many_more/ 2024-08-26T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-126-_bypassing_airport_security,_xss_on_netlify-s_image_cdn,_frans_ros%C3%A9n-s_x-correlation_research,_prompt_injection_on_microsoft_copilot,_type_confusion_flaw_in_chrome,_and_many_more/ 2024-09-02T00:00:00+00:00 https://0x01.pages.dev/posts/introducing_the_url_validation_bypass_cheat_sheet/ 2024-09-03T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-127-_nanocore_obfuscation,_code_protection_bypass,_gmail_html_injection,__remote_code_execution,_x-correlation_injection_research,_and_many_more/ 2024-09-09T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-128-_bug_bounty,_cloud_dorking,_asset_discovery,_reconnaissance,vulnerabilities_in_the_kakadu_jpeg_2000_and_in_azure_devops,vpn_cookies_hijacking,_and_many_more/ 2024-09-16T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_kia-_remotely_controlling_cars_with_just_a_license_plate/ 2024-09-20T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-129-_google_vrp_blog,_cve-2024-29847_exploit,_hotstar_hacked,_bug_bounty_tips,_osint_explained,_and_many_more/ 2024-09-23T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-130-_hacking_trello_board_instances,_hacker_mentality,_regex,_google_dorks,_codeql_fundamentals_and_many_more/ 2024-09-30T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-131-_rop_for_security_bypass,_ruby_class_pollution,_mobile_hacking,_reverse_engineering,_hacking_websites_with_zip_files_and_many_more/ 2024-10-07T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-132-_account_takeover_on_palo_alto_networks,_sqli_cheat_sheet,_pre-auth_sql_injection_in_whatsup_gold,_ssrf_automation,_bypassing_sanitizers_using_mxss,__and_many_more/ 2024-10-14T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-133-_tools_for_recon,_sandbox_bypass_in_chromium_browser,_zendesk_vulnerability,_cve-2024-23113,_saml_xpath_confusion,_ai-powered_403_bypassers_and_many_more/ 2024-10-21T00:00:00+00:00 https://0x01.pages.dev/posts/concealing_payloads_in_url_credentials/ 2024-10-23T00:00:00+00:00 https://0x01.pages.dev/posts/iw_weekly_-134-_javascript_vulnerabilities,_microsoft_servicenow_hacked,_recon_framework,_powershell_on_web,_zendesk_vulnerability,_filtering_hostnames_and_many_more/ 2024-10-28T00:00:00+00:00 https://0x01.pages.dev/posts/new_crazy_payloads_in_the_url_validation_bypass_cheat_sheet/ 2024-10-29T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.95_&_ep.96-_cookies,_caching_&_attacking_chrome_extensions_with_matanber/ 2024-11-11T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.97-_bcrypt_hash_input_truncation_&_mobile_device_threat_modeling/ 2024-11-17T00:00:00+00:00 https://0x01.pages.dev/posts/see_you_back_in_january/ 2024-11-17T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.98-_team_82_sharon_brizinov_-_the_live_hacking_polymath/ 2024-11-24T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.99-_back_to_the_basics_-_web_fundamental_to_100k_a_year_in_bug_bounty/ 2024-11-30T00:00:00+00:00 https://0x01.pages.dev/posts/bypassing_wafs_with_the_phantom_$version_cookie/ 2024-12-04T00:00:00+00:00 https://0x01.pages.dev/posts/program_manager-s_guide_to_running_a_successful_bug_bounty_program/ 2024-12-04T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.100-_8_fav_bugs_of_2024,_farewell_joel,_hello_shift_-_cursor_of_hacking/ 2024-12-11T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.101-_ai_attack_vectors_-_ctbb_hijacked_-_rez0___and_johann/ 2024-12-14T00:00:00+00:00 https://0x01.pages.dev/posts/_bee-side_201_-_web_security_patterns,_ai_integration_&_growth_hacking_strategies/ 2024-12-15T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_202_-_a_bias_to_action/ 2024-12-16T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.102-_building_web_hacking_micro_agents_with_jason_haddix/ 2024-12-20T00:00:00+00:00 https://0x01.pages.dev/posts/_bee-side_202_-_security_tools,_ai_innovation_&_dev_productivity/ 2024-12-22T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_203_-_how_to_live_an_epic_life/ 2024-12-23T00:00:00+00:00 https://0x01.pages.dev/posts/_bee-side_203_-_ai_innovation,_dev_tools_&_digital_security/ 2024-12-29T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_204_-_make_change_that_lasts/ 2024-12-30T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.103-_getting_ansi_about_unicode_normalization/ 2024-12-31T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.104-_2024_hacker_stats_&_2025_goals/ 2025-01-02T00:00:00+00:00 https://0x01.pages.dev/posts/_bee-side_204_-_cobol_jobs_domain_&_browser-based_background_removal/ 2025-01-05T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_205_-_join_or_die/ 2025-01-06T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2024-_nominations_open/ 2025-01-08T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.105-_best_moments_of_2024_on_the_pod/ 2025-01-11T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_206_-_ai_crash_course/ 2025-01-13T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.106-_announcing_our_new_co-host/ 2025-01-17T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_207_-_brain_rot_and_one_man_armies/ 2025-01-20T00:00:00+00:00 https://0x01.pages.dev/posts/stealing_httponly_cookies_with_the_cookie_sandwich_technique/ 2025-01-22T00:00:00+00:00 https://0x01.pages.dev/posts/hacking_subaru-_tracking_and_controlling_cars_via_the_starlink_admin_panel/ 2025-01-23T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.107-_bypassing_cross-origin_browser_headers/ 2025-01-27T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_208_-_nobody_cares/ 2025-01-27T00:00:00+00:00 https://0x01.pages.dev/posts/bypassing_character_blocklists_with_unicode_overflows/ 2025-01-28T00:00:00+00:00 https://0x01.pages.dev/posts/programmatic_handling_of_cors-configuration_errors_with_jub0bs_&_cors/ 2025-01-28T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.108-_how_to_hack_salesforce,_servicenow,_and_other_saas_products_with_aaron_costello/ 2025-02-03T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_209_-_new_space/ 2025-02-03T00:00:00+00:00 https://0x01.pages.dev/posts/top_10_web_hacking_techniques_of_2024/ 2025-02-04T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep._109-_creative_recon_-_alternative_techniques/ 2025-02-07T00:00:00+00:00 https://0x01.pages.dev/posts/quoting_dr._julie_gurner-_-talent_is_a_high-risk_gift 2025-02-08T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_210_-_we_are_destroying_software/ 2025-02-10T00:00:00+00:00 https://0x01.pages.dev/posts/bee-yond_the_hive-_optimal_keyboard_shortcuts/ 2025-02-12T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.110-__oauth_gadget_correlation_and_common_attacks/ 2025-02-14T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_211_-_stop_working_so_hard/ 2025-02-17T00:00:00+00:00 https://0x01.pages.dev/posts/shadow_repeater-ai-enhanced_manual_testing/ 2025-02-20T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.111-_how_to_bypass_dompurify_with_k%C3%A9vin_mizu/ 2025-02-21T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_212_-_vibe_coding/ 2025-02-24T00:00:00+00:00 https://0x01.pages.dev/posts/the_cost_of_go's_panic_and_recover/ 2025-02-28T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.112-_interview_with_ciar%C3%A1n_cotter_(monkehack)_critical_lab_researcher_and_full-time_hunter/ 2025-03-01T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_213_-_agency_-_intelligence/ 2025-03-03T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.113-_best_technical_takeaways_from_portswigger_top_10_2024/ 2025-03-07T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_214_-_pressing_buttons/ 2025-03-11T00:00:00+00:00 https://0x01.pages.dev/posts/hackernotes_ep.114-_single_page_application_hacking_playbook/ 2025-03-14T00:00:00+00:00 https://0x01.pages.dev/posts/_hive_five_215_-_prompt_your_way_to_personal_growth/ 2025-03-17T00:00:00+00:00 https://0x01.pages.dev/posts/saml_roulette-_the_hacker_always_wins/ 2025-03-18T00:00:00+00:00 https://0x01.pages.dev/categories/ 2025-03-19T15:51:48+00:00 https://0x01.pages.dev/tags/ 2025-03-19T15:51:48+00:00 https://0x01.pages.dev/archives/ 2025-03-19T15:51:48+00:00 https://0x01.pages.dev/about/ 2025-03-19T15:51:48+00:00 https://0x01.pages.dev/tools/csrf-poc-generator https://0x01.pages.dev/tools https://0x01.pages.dev/ https://0x01.pages.dev/tags/cve/ https://0x01.pages.dev/tags/xss/ https://0x01.pages.dev/tags/exploit/ https://0x01.pages.dev/tags/security/ https://0x01.pages.dev/tags/bypass/ https://0x01.pages.dev/tags/rce/ https://0x01.pages.dev/tags/proxy/ https://0x01.pages.dev/tags/auth/ https://0x01.pages.dev/tags/takeover/ https://0x01.pages.dev/tags/bounty/ https://0x01.pages.dev/tags/ios/ https://0x01.pages.dev/tags/app/ https://0x01.pages.dev/tags/apple/ https://0x01.pages.dev/tags/android/ https://0x01.pages.dev/tags/web/ https://0x01.pages.dev/tags/cache/ https://0x01.pages.dev/tags/graphql/ https://0x01.pages.dev/tags/api/ https://0x01.pages.dev/tags/idor/ https://0x01.pages.dev/tags/ssrf/ https://0x01.pages.dev/tags/facebook/ https://0x01.pages.dev/tags/tools/ https://0x01.pages.dev/tags/oauth/ https://0x01.pages.dev/tags/bug/ https://0x01.pages.dev/tags/csrf/ https://0x01.pages.dev/tags/csp/ https://0x01.pages.dev/tags/crlf/ https://0x01.pages.dev/tags/microsoft/ https://0x01.pages.dev/tags/dos/ https://0x01.pages.dev/tags/google/ https://0x01.pages.dev/tags/waf/ https://0x01.pages.dev/tags/newsletter/ https://0x01.pages.dev/tags/lfi/ https://0x01.pages.dev/tags/2fa/ https://0x01.pages.dev/tags/cloud/ https://0x01.pages.dev/tags/instagram/ https://0x01.pages.dev/tags/login/ https://0x01.pages.dev/tags/xxe/ https://0x01.pages.dev/tags/ssti/ https://0x01.pages.dev/tags/github/ https://0x01.pages.dev/tags/pdf/ https://0x01.pages.dev/categories/hackers-feed/ https://0x01.pages.dev/categories/shubs/ https://0x01.pages.dev/categories/shubham-shah/ https://0x01.pages.dev/categories/blog-sam-curry/ https://0x01.pages.dev/categories/posts-on-jub0bs-com/ https://0x01.pages.dev/categories/spaceraccoon-s-blog/ https://0x01.pages.dev/categories/h%CE%B4kluk%CE%BE/ https://0x01.pages.dev/categories/portswigger-research/ https://0x01.pages.dev/categories/youssef-sammouda/ https://0x01.pages.dev/categories/hacking-tools-intigriti/ https://0x01.pages.dev/categories/bug-bytes-intigriti/ https://0x01.pages.dev/categories/assetnote/ https://0x01.pages.dev/categories/the-infosec-newsletter/ https://0x01.pages.dev/categories/critical-thinking-bug-bounty-podcast/ https://0x01.pages.dev/categories/hive-five/ https://0x01.pages.dev/page2/ https://0x01.pages.dev/page3/ https://0x01.pages.dev/page4/ https://0x01.pages.dev/page5/ https://0x01.pages.dev/page6/ https://0x01.pages.dev/page7/ https://0x01.pages.dev/page8/ https://0x01.pages.dev/page9/ https://0x01.pages.dev/page10/ https://0x01.pages.dev/page11/ https://0x01.pages.dev/page12/ https://0x01.pages.dev/page13/ https://0x01.pages.dev/page14/ https://0x01.pages.dev/page15/ https://0x01.pages.dev/page16/ https://0x01.pages.dev/page17/ https://0x01.pages.dev/page18/ https://0x01.pages.dev/page19/ https://0x01.pages.dev/page20/ https://0x01.pages.dev/page21/ https://0x01.pages.dev/page22/ https://0x01.pages.dev/page23/ https://0x01.pages.dev/page24/ https://0x01.pages.dev/page25/ https://0x01.pages.dev/page26/ https://0x01.pages.dev/page27/ https://0x01.pages.dev/page28/ https://0x01.pages.dev/page29/ https://0x01.pages.dev/page30/ https://0x01.pages.dev/page31/ https://0x01.pages.dev/page32/ https://0x01.pages.dev/page33/ https://0x01.pages.dev/page34/