bypass 48
- [HackerNotes Ep.111] How to Bypass DOMPurify with Kévin Mizu
- Bypassing character blocklists with unicode overflows
- [HackerNotes Ep.107] Bypassing Cross-Origin Browser Headers
- Bypassing WAFs with the phantom $Version cookie
- New crazy payloads in the URL Validation Bypass Cheat Sheet
- 👩💻IW Weekly #133: Tools For Recon, Sandbox Bypass in Chromium Browser, Zendesk Vulnerability, CVE-2024-23113, SAML XPath Confusion, AI-Powered 403 Bypassers and many more…
- 👩💻IW Weekly #132: Account Takeover on Palo Alto Networks, SQLi Cheat Sheet, Pre-Auth SQL Injection in WhatsUp Gold, SSRF Automation, Bypassing Sanitizers using MXSS, and many more…
- 👩💻IW Weekly #131: ROP For Security Bypass, Ruby Class Pollution, Mobile Hacking, Reverse Engineering, Hacking Websites With ZIP Files and many more…
- 👩💻IW Weekly #127: Nanocore Obfuscation, Code Protection Bypass, Gmail HTML Injection, Remote Code Execution, X-Correlation Injection Research, and many more…
- Introducing the URL validation bypass cheat sheet
- 👩💻IW Weekly #126: Bypassing Airport Security, XSS on Netlify’s Image CDN, Frans Rosén’s X-Correlation Research, Prompt Injection on Microsoft Copilot, Type Confusion Flaw in Chrome, and many more…
- 👩💻IW Weekly #124: XSS WAF Bypass, Google and Github Dorks, XSS via CSPT, Bug Hunting Methodology, and many more…
- Splitting the email atom: exploiting parsers to bypass access controls
- 👩💻IW Weekly #121: RCE on Kafka UI, $2000 Bounty, Advanced SQL Injection Techniques, AWS Cognito Misconfigurations, Payment Bypass, and many more…
- 👩💻IW Weekly #114: 4-Step Bug Hunting Methodology, CVE-2024-4358, Reflector, Bypass SSL Pinning, GraphQL API Vulnerabilities and many more…
- 👩💻IW Weekly #111: SSRF in NextJS, Blind SSRF on WordPress, ChatGPT Rate Limit Bypass, IDOR at Swiggy and many more...
- 👩💻IW Weekly #109: Hacking Telegram, Raining IDORs and BACs, Microsoft Graph Logging Bypass, HTMX Bugs, Wordlist for CI/CD Hacking and many more…
- 👩💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…
- 👩💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more…
- 👩💻IW Weekly #105: XZ Utils Backdoor, DOMPurify Bypass, Secondary Context Bugs, Hacking ISPs, Email Verification Bypass, Gesture Jacking and many more…
- 👩💻IW Weekly #104: ClickHouse, Velociraptor, WAF bypass techniques, Path Traversal Vulnerabilities, io_uring Vulnerability in Ubuntu, Shockwave Attack Surface Management, .NET Remoting Exploits, Github dorks and many more…
- 👩💻IW Weekly #103: $35K Bounty, Nuances of Aggressive Scans, DLL Side-Loading, Hacking 3 Million Hotel Key Cards, WAF Bypassing Variants and many more…
- 👩💻IW Weekly #101: CSP Bypass using formaction attribute, 200 hours of hacking to $20K, CVE-2024-1403 analysis, Necessity of DevSecOps, Use of Github Actions to Bypass Microsoft Entra Smart Lockout and many more…
- Using form hijacking to bypass CSP
- 👩💻IW Weekly #99: Top 10 hacking techniques of 2023, CSP Bypass, Multiple XSS on Joomla, XSS on ChatGPT, Meteor subdomain takeover, Length filter bypass to SQL Injection, Nomulus pentest and many more…
- 👩💻IW Weekly #96: Windows Driver to Working EDR, Auth-Bypass within Ivanti’s Pulse Connect Secure, Infostealer Malware, Binary Emulation, Google Domain Tier Concepts and many more…
- 👩💻IW Weekly #94: 2FA Bypass, Decoding Obfuscated JavaScript, Exploiting Password Reset Functionality, AWS S3 Bucket Takeover, Invisible Prompt Injections and many more…
- High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE
- 👩💻IW Weekly #92: Cloudflare Pages Vulnerabilities Analysis, CORS Cache Exploitation Automating RTFM with ChatGPT, Shrewdeye Bash, XSS to ATO, Bypassing Door Passwords and many more…
- 👩💻IW Weekly #85: LFI to RCE, DoS Bugs, RXSS on Microsoft, Race Conditions, Finding Leaked Tokens, Bypassing URL Parsers and many more…
- 👩💻IW Weekly #84: DOM-based race condition, Bypassing Android Debug and root detection, F5-BIG-IP CVE-2023-46747, SQL injection on admin login, Hacking HP monitor display, Analyzing Metamask snaps and many more…
- 👩💻IW Weekly #82: Single Packet Attack, Nuclei v3, DOM XSS, IDOR Insights, Bypassing CSP, AI & Hacking, Android App Hacking and many more…
- 👩💻IW Weekly #81: Chrome SOP Bypass, Unauthorized access to Admin panel, Access to Instagram’s private posts, Looney Tunable Linux Privilege escalation [CVE-2023-4911], NoSQL injections and many more…
- 👩💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more..
- 👩💻IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more..
- 👩💻IW Weekly #74: RCE through Dependency Confusion, 2FA bypass in Meta, Client side Prototype pollution and its prevention, Paywall bypass, SSRF tricks and many more..
- 👩💻IW Weekly #73: ATO in Shopify Stores, CVE-2023-36809, Risks in Cross-Chain Bridges, Bypassing Firewalls, Hacking iOS Apps, Uncovering Zenbleed and many more..
- 👩💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more..
- Bypassing CSP via DOM clobbering
- A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF...
- Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO
- Stealing passwords from infosec Mastodon - without bypassing CSP
- Bypassing Firefox's HTML Sanitizer API
- Embedding Payloads and Bypassing Controls in Microsoft InfoPath
- Bypassing CSP with dangling iframes
- Hunting nonce-based CSP bypasses with dynamic analysis
- Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
- Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions