#19

Interesting bugs in HubSpot and Instapage

I’m a simple man - I see Sam Curry publishing a writeup, I read the writeup. This time it’s a short one about a couple of interesting bugs found in HubSpot and Instapage. It’s definitely worth reading because there are tricks that can be used in many different contexts....

Installing Burp Collaborator instance

Burp Collaborator is an awesome tool and I probably don’t need to tell you that. However, there are a few problems with using PortSwigger’s server: Disclosing sensitive information to a 3rd party company. Depending on what you hack, it may or may not be a problem....

Recon roadmap of an experienced hunter

Ahmad Halabi shared his process of discovering new targets. Starting from the beginning, through subdomain enumeration, port scanning and directory brute-force, up to analysing JS files. Unfortunately, he didn’t share what tools he uses, but when you know what you...

Strategy to become a pentester

On PentesterLab’s blog, there’s a great article that will help you order some things in your mind if you want to land your first job in our fantastic industry. You probably noticed already how many different areas there are inside cybersecurity. Which of them you...

Finding postMessage bugs with DOM Invader

As promised in the last issue, here’s the tutorial on using DOM Invader for tracking and fiddling with postMessages. This tool is really awesome and it makes finding this type of bug absurdly easy. postMessage 101 Let’s start with the explanation of what...