#20

Break into smart contract hacking

I don’t know about you, but when I see bounties of $100k, $500k or a million bucks, I can’t help thinking about learning smart contract hacking. However, now is not the time for me - I want to stabilise a bit with the web stuff before jumping to something...

Tricks used to find SSRFs in WebSphere Portal

There’s a great writeup on the Assetnote blog about SSRFs. I read the whole blog post and I encourage you to do the same because we can learn a ton from hackers like Shubs. However, in case you don’t have the time, I extracted a few tricks from the article. To find the...

10 address bypass tricks

Address validations are everywhere in web security. Improper implementations can lead to SSRFs, RCEs, postMessage bugs or CORS misconfigurations to name a few. Luckily for us, it’s extremely complex and developers often make mistakes here. Here are 10 tricks you can...