#11

Processing URLs in terminal

When attacking any target, sooner or later you will want to take a look at some URLs. Where you can obtain them? From directory brute-force, gau, copy URLs from burp and many, many other sources. This article is not about obtaining URLs. It's about what to do next...

I have no time. Or do I?

*I have no time is one of the most common sentences these days. To be fair - I hate it *and I try to avoid it by all means. Why? Because I don't have time to spend 25 hours a day writing this newsletter. But I do have the time to spend 24 hours on it. Why I don't?...

Strategy for a year of bug bounties

A few issues ago I promised to cover the presentation from zseano named PUTTING YOUR MIND TO IT: BUG BOUNTIES FOR 12 MONTHS and here it is. In this talk, he gives a very concrete strategy for the whole year of bug bounty. Here are my notes: First things first You must...

Escalating blind SSRFs

In my career, there were a few times where I found functionality that allowed making requests to arbitrary locations but it didn't show me the response. Even though I suspected there might be an SSRF but I wasn't able to show the impact. In case of bigger bug bounty...

API security cheat sheet

A few newsletters ago, I was linking to an article from detectify blog about testing API security. Today, I have something even better. arainho created a repository where he gathers all the information about API security. Apart from things that are in most...

Exploiting E-Mail Systems

Inti, head of hackers in Intigriti, is known for finding really cool vulnerabilities in places omitted by others. In 2020, on NahamCon he had a really insightful presentation about attacking email systems. How complicated can they be? Turns out much more than we...