#2

Maybe our times are not that bad after all?

As my Twitter followers saw, last week I was in Gdańsk. It's a beautiful city on the Baltic Sea but also a place where the 2nd World War started. It got me thinking about how grateful I am for living in the 21st century, even with the Covid pandemic. Why is...

iOS hacking videos

If you have ever hacked or tried hacking iOS applications, you know that there are few to no materials out there. Most of the time you need to try on your own or browse to the place never visited by anyone - the second page of Google search results. However,...

How to write a Burp extension?

Have you ever thought about writing a Burp Suite extension? I certainly have but never really got to do that. Parsia Hakimian, a senior security engineer from Electronic Arts, whose $15k bug was also featured on the channel ($15,000 Playstation Now RCE via insecure...

Single most time-saving terminal trick

In the perfect world, every terminal command that you execute more than once you have automated, blah blah blah... Both you and I know this is not true. Many times you will have to write very similar commands over and over again. You can use the up arrow to find lately...

IDOR cheat sheet

With modern frameworks secured by default from many popular vulnerabilities, I see that IDORs have a bigger share in my pentest reports. Usually with high risk as well. IDORs are: hard to find using DAST, SAST or source code review; relatively easy to find for a human...