#12

A topic that we must discuss more

I can't express how grateful I am to NahamSec for his live recon interviews. Not only for the amazing technical stuff and methodology but also for talking about a topic that doesn't get mentioned enough: mental health. In every interview, he asks his guests about...

GCP and AWS commands cheat sheet

In 2021, I think no one needs an explanation of what the cloud is and why it's so popular. It solves many problems but it also presents new risks. If you are working in a security team, chances are that sooner or later you will have to learn about cloud security. If you do,...

Using CodeQL to hunt for DOM-XSS (+ idea for a series)

CodeQL is a subject that gets mentioned here quite often. I hope it interests you as much as it does me. Today, I have for you an article with some basics of CodeQL and the way you can use it to find DOM-XSS in closed-source applications. The idea is to simply download...

Client-side secret scanner

I am excited! I've been trying to find a good approach to finding secrets in JavaScript for a while but I didn't find a good one. Usually, what I was doing during pentests was downloading the JS files locally using Burp and then scanning them using gitleaks. A browser...

5-year bug bounty journey

I really like talks like this where someone presents their whole journey. There's much more to learn from it than from 'I scored $XX,XXX bounty'. Today we will take a look at the 5-year bounty journey of shubs who made $850,000 in that period. Not doing it full-time....

Client-side path traversal

Client-side path traversal is a new name for me. Sam Curry mentioned it on his Twitter. I want to share it because I do see some use cases for this trick. It also means that we won't get rid of CSRFs that quickly. What is client-side path traversal about? Let's say...