HTTPVoid published a writeup about escaping an iframe in a headless Chromium browser using an exploit to spoof the origin. This led to an SSRF in a website that generated screenshots from user-controlled data. It shows how sometimes you have to step away from web only...
#25
Debugging a Java application with decompiled source code
I think debugging is a great skill and a huge help when auditing a source. However, it’s not always easy or possible to set up. For example, for a long time, I thought you can’t debug decompiled Java code. But turns out you can! Here’s a guide on how to do this:...
Web3 Learning corner #3 – the first CTFs
Solidity, Blockchain, and Smart Contract Course – Beginner to Expert Python Tutorial In the last two weeks, I continued the Solidity course from freeCodeCamp. I must admit that I am speeding up the pace a little to 2x in order to finish it quicker. I am aware that I...
Writing sqlmap tamper scripts
Sqlmap is a fantastic tool for exploiting SQL injections which seem to have received a second life recently. I remember that for a long time, when built-in sqlmap tamper scripts didn’t work for bypassing a filter, I defaulted towards writing my own script in Python...
Reading RFCs for bug bounty hunters
RFCs are great documents when you are looking for ideas for research or for bugs. But how do you read those long documents without bold text and images? EdOverflow created a blog post about them and how we, bug hunters, can use them for our purposes. It’s a great one and tells...
A surprising quirk of regexes in JavaScript
I have a very interesting and surprising behaviour of JavaScript that I discovered recently when hacking on Elastic. Take a look at this regular expression: It’s a strict host validation that should only allow sub1[.]example[.]com and sub2[.]example[.]com. The tool...
Q&A about source code review and debugging
Last week, I made an AMA here over email about source code review and debugging. As one of you suggested, it would be cool to aggregate responses and show them to other people. So I selected the most commonly asked questions. Here they are. Do I need to know the...
What it takes to be good at bug bounty hunting – DefCamp 2021
Robert Vulpe had a really good talk at DefCamp 2021 titled “What it takes to be good at bug bounty hunting”. Sometimes, such talks don’t have much content inside, but in this case, there are loads of practical tips. Here are my notes from the talk. Reasons to do bug...