#13

Fuzzing WebSockets messages

A few issues ago I presented what is known as client-side WebSocket hijacking. However, this is not the only issue that can occur there. In the end, the backend still processes your input somehow. When it does, standard vulnerabilities with access control or injection...

Meditation

Many people, including me, have such an image in mind when first hearing about meditation. However, that's not the only way to meditate. The way more common one, practised by many people, looks more like sitting on a chair with closed eyes - nothing special from the...

Hack your resume

In the latest live recon, Nahamsec's guest was Jason Haddix. However, this wasn't a standard episode. This time, they focused on creating an InfoSec resume. If you want to know what things you should focus on to impress the HR or the security team, definitely watch...

Creating wordlists

I'm not a recon-heavy type of hacker. To be honest, understanding and deep diving are much more interesting to me. However, I also want to know something about enumeration. So I took a look at "Creating Wordlists for Hacking, Pentesting & Bug Bounty Hunting Using...

Overlooked vulnerability classes

A few weeks ago, OWASP TOP 10 2021 was released. Unfortunately, it is becoming more and more useful for developers and less useful for hackers. You won't find many concrete vulnerability classes there. Instead, there are generic... hmm bugs? I'm not sure bugs is the...

Get CVEs by hacking WordPress plugins

Wpscan.com are the creators of the tool with the same name. It's definitely something you used if you have ever approached a WordPress target. They created an ebook about looking for vulnerabilities in WP plugins. It's for you if you prefer white-box testing...

8 non-obvious Burp intruder tricks

Intruder is my second most often used active functionality of Burp, after Repeater of course. For a long time, I had been using this tool inefficiently. I just didn't know about it. Now I've learnt a bit and I'm happy to share 8 non-obvious tips that will improve your...