Clint Gibler wrote a summary of each AI talk from BSidesLV, Black Hat, and DEF CON 2024 so if you want to quickly get up to speed and see what’s going on without spending hours on each talk, check out his TL;DR....
Next.js and cache poisoning: a quest for the black hole
Incredible how adding a single header like x-middleware-prefetch: 1 can sometimes get a website DoSed for everyone. This is an actual technique used by @zhero___ and described in this blogpost. Or, more specifically, one of three different cache poisoning...
Universal Code Execution by Chaining Messages in Browser Extensions
I feel like browser extensions have a lot of capabilities and are very juicy targets, yet I don’t think many people focus on them. Once I have more time, I’ll take a look at a few of them that are in scope for some bug bounty programs. Especially since this blogpost by...
Chaining Three Bugs to Access All Your ServiceNow Data
Assetnote blogposts are amazing! Not only do you learn what the bug was but you even get to know the whole architecture of the target technology. From this one, you go all the way from injecting XML tags, through bypassing a blocklist, up to template injection and...
Monke’s Guide to Bug Bounty Methodology
Monke disclosed his whole bug bounty methodology, covering many interesting topics like program selection, scope selection and the tools he uses, but also important non-technical aspects like mental health and collaboration....
The X-Correlation between Frans & RCE – Research Drop – @fransrosen & @ctbbpodcast
On the Critical Thinking podcast, Frans Rosen dropped research about exploiting parts of the application that I always ignore: correlation headers like Request-ID. It resulted in crazy findings! For example, sending this x-request-id header resulted in the...
Use lemma to run your tools with a click from the browser
lemma is a tool developed by defparam which allows you to run CLI tools on AWS Lambda. It has two main benefits. One is that it can seamlessly distribute your workload across different workers. The other is that it has a web interface to run CLI tools from within...
Gotta cache ’em all: bending the rules of web cache exploitation
Whatever bug class you’re testing, you always have a variety of tricks or bypasses that you try. Sometimes they work, sometimes they don’t, and you rarely know why. That’s why I love research with a fact-based approach that says which tricks actually work and...
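Both the Next.js write-up above and the web cache research here come down to the same mechanism: a request input that changes the origin's response but is not part of the cache key, so one attacker request decides what every later visitor gets. The JavaScript below is an added example, not code from either write-up or from Next.js. The origin's behaviour (answering with an empty body whenever x-middleware-prefetch: 1 is present) is a simplified assumption for illustration, and example.test is a placeholder host; the point is the difference between a cache that keys on that header and one that does not.

```javascript
// Added example: a minimal model of web cache poisoning via an unkeyed header.
// Assumption for illustration: the origin short-circuits to an empty body when
// the request carries "x-middleware-prefetch: 1". Nothing here asserts how any
// real framework implements that header.

// Constructed origin: full page normally, empty (but cacheable) body on prefetch.
function origin(req) {
  if (req.headers["x-middleware-prefetch"] === "1") {
    return { status: 200, body: "", cacheable: true };
  }
  return { status: 200, body: "<html>full page for " + req.path + "</html>", cacheable: true };
}

// Hardened origin: the prefetch variant is marked non-cacheable
// (in HTTP terms, Cache-Control: no-store on that response).
function originNoStore(req) {
  const res = origin(req);
  if (req.headers["x-middleware-prefetch"] === "1") res.cacheable = false;
  return res;
}

// A cache whose key is computed by keyFn(req). Any input that influences the
// response but is NOT in the key is "unkeyed" and can be used to poison it.
class ResponseCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map();
  }
  fetch(req, upstream) {
    const key = this.keyFn(req);
    if (this.store.has(key)) return { ...this.store.get(key), hit: true };
    const res = upstream(req);
    if (res.cacheable) this.store.set(key, res);
    return { ...res, hit: false };
  }
}

// Vulnerable key: host + path only, so the header is unkeyed.
const unkeyedHeader = (req) => req.host + req.path;

// Keyed variant: the header becomes part of the key
// (equivalent to the origin emitting Vary: x-middleware-prefetch).
const keyedHeader = (req) =>
  req.host + req.path + "|prefetch=" + (req.headers["x-middleware-prefetch"] || "");

// Attacker primes the cache once, then a normal visitor requests the same URL.
// Returns what the visitor actually receives.
function simulate(keyFn, upstream) {
  const cache = new ResponseCache(keyFn);
  const attacker = { host: "example.test", path: "/", headers: { "x-middleware-prefetch": "1" } };
  const victim = { host: "example.test", path: "/", headers: {} };
  cache.fetch(attacker, upstream);
  const r = cache.fetch(victim, upstream);
  return { hit: r.hit, bodyLength: r.body.length };
}

// Stand-alone run: show poisoned vs. both fixed configurations.
console.log("unkeyed header:", simulate(unkeyedHeader, origin));
console.log("header in key :", simulate(keyedHeader, origin));
console.log("no-store fix  :", simulate(unkeyedHeader, originNoStore));
```

With the unkeyed configuration the visitor gets a cache hit with a zero-length body: the attacker's one request is now the page for everyone until the entry expires, which is the DoS the Next.js post describes. Either fix works on its own: put the header into the key (Vary) or make sure the variant response is never stored (no-store). When testing a real target, the same three-step probe applies: send the candidate input, re-request without it from a clean client, and see whether the cached copy changed.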
Splitting the email atom: exploiting parsers to bypass access controls
Gareth Heyes took a closer look at the email format specification. We saw a great talk about emails a few years ago by Inti, so I knew parsing emails isn’t straightforward, but I didn’t realise it’s that complex. Gareth found a variety of ways to change the encoding...
Listen to the whispers: web timing attacks that actually work
Timing attacks are something I’ve been aware of for a long time, yet I haven’t used them much. But this year, James Kettle’s research reveals techniques for timing attacks that allow us to detect timing differences as small as 200μs, which we can utilise in a wide range...