Gareth Heyes took a closer look at the email format specification. We saw a great talk about emails a few years ago by Inti, so I knew parsing emails isn’t straightforward, but I didn’t realise it was that complex. Gareth found a variety of ways to change the encoding...
Hacking Techniques
Hacking Millions of Modems (and Investigating Who Hacked Sam’s Modem)
Sam Curry wrote an interesting story that started with someone repeating his local HTTP requests and ended with detecting a bug that allowed him to control thousands of routers. https://samcurry.net/hacking-millions-of-modems
npm search RCE – Escape Sequence Injection
The bugs in this blogpost are very interesting. In short, the author uses escape sequences to execute a terminal command while only controlling the command’s output. I’ve read it a few times and I still don’t understand 100% how it works. I think it might also...
You can not simply publicly access private secure links, can you?
Whenever I’m sharing something via a URL, I wonder if it will get indexed by URL analysis tools, thus becoming public to anyone. From this blogpost, we can learn that, unfortunately, there’s a great chance they are. It’s quite hard to say which tool...
Top 10 web hacking techniques of 2023
PortSwigger's yearly Top 10 hacking techniques list is a collection of the top writeups of the year. I make sure to read all the articles from the top 10, but I also don't forget about the nominations list; I try to read the most interesting ones from there, too....
Popping WordPress Plugins – Methodology Brain dump
If you are into hacking WordPress plugins, you must listen to this episode of the Critical Thinking bug bounty podcast! Ram shares a lot of unintuitive traps that are awaiting developers and tricks we can use to exploit them. After listening to the podcast, you can...
37C3 – Breaking “DRM” in Polish trains
This talk isn’t about bug bounty. It isn’t even about the web. But it’s such a cool hacking story. In short, suspiciously, some trains in Poland were not working properly and the company that was using them hired hackers from the Dragon Sector CTF team. They reversed...
Content-Type shenanigans
Parsing of the Content-Type header isn’t straightforward at all, yet it can be crucial for some bug classes. Mathias Karlsson published a nice writeup where he described some techniques we can use when we control a suffix of this response header....
Even more ways to bypass URL validation
While I was reading this tweet from Justin Gardner about leaking OAuth codes, I found a cool research paper in a reply by SickSec. The paper was about URL validation and I didn’t think I would find anything new. But I did. For example, these two bypasses I wasn’t...
Hacking Proprietary iCalendar Properties by Eugene Lim
In the modern world of computers, many things around us happen automatically. We don’t pay attention to them. But every once in a while, a hacker somewhere in the world asks themselves the question “How does it work?” and, more importantly, “Is it secure?”. I love...