Learning XSS, XXE, deserialization, or any other bug class: that's what we often think about when talking about being a better hacker. However, there's a whole bunch of non-security-related skills that may yield you an even better return on invested time. I call them...
#15
HTTP/2 Request smuggling labs
PortSwigger released the long-awaited WebSec academy labs about HTTP/2 request smuggling. I haven't done them yet, but I surely will. Did you try them already? If yes, let me know what was the hardest part for you. Maybe it's worth making a video about it🤔...
CI/CD Pipeline threat matrix
As we see from Dependency Confusion or “CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter, CI/CD security is at least as important as the security of the application itself. At my last job, I was learning about these...
Turbo Intruder observedWords
If you enable the "learn observed words" setting during the passive scan, the observedWords wordlist will be available to you in Turbo Intruder. It's a dynamic list of words that Burp sees in your target. You can access it via wordlists.observedWords....
Speed-up your dorking
Installing the binary
git clone https://github.com/tomnomnom/hacks
cd hacks/webpaste
go build
Installing the extension
Chrome > 3 dots > More tools > Extensions
Enable Developer Mode
Click Load unpacked and select the extension folder which is inside the webpaste...
Million from bug bounty in 4 Years
Ozgur Alp recently passed $1 mln earned from bounties. That's a huge achievement. Thankfully for us, he decided to write a blog post with a few tips about how to follow in his footsteps. I do encourage you to read the whole article, but here are my most important...
gRPC and protobuf – what is this all about?
I have been seeing protobufs and RPC quite a lot lately. First, I saw protobufs in the CloudKit hack (you will see a video on my channel about it). Then I found a $500 bug affecting gRPC (a really simple vulnerability, I hope to disclose it once resolved) and this week I saw an...