#26

Finding a Ruby deserialization gadget

Finding gadgets for deserialization bugs is not an easy task. But if you want to see how it’s done, check out this article by HTTPVoid about finding a deserialization bug in a recent version of Ruby and turning it into an RCE: “Ruby Deserialization - Gadget on Rails”.

TruffleHog V3

TruffleHog is one of the most common tools that you can use for scanning repositories to find secrets. It recently got even more powerful with the v3 version. It now supports over 600 credential detectors. Moreover, apart from returning the key, TruffleHog will make a...

Web3 learning corner #3 – preparing a BBRE video

Solidity, Blockchain, and Smart Contract Course – Beginner to Expert Python Tutorial

At the moment, I am at 9h 50m of the Solidity course on freeCodeCamp, just before the chapter about NFTs. I rather fast-forwarded through the DeFi & Aave lessons but I will watch...

Python as an HTTP client for hacking

Sometimes, you want to test a functionality but it is too complex to automate it with Burp. For example, it requires a few requests or some specific transformation. Maybe, some people can do magic on Burp’s macros but I am not one of them. That’s why in these specific...

Prototype pollution in an XML-based format

Guilherme Keerok found a very interesting attack vector - prototype pollution inside an XML-based plist file. I don’t know about you, but I probably wouldn’t have come up with this. When I’m thinking about prototype pollution, things that come to my mind are request...

Finding web2 bugs on NFT websites

When I think about hacking NFTs, hacking smart contracts is what comes to my mind. But it’s not necessarily the case. Zseano doesn’t know how to hack smart contracts yet but he has decided to test a few NFT websites and approach them with his extensive knowledge about...

Several critical vulnerabilities in GitHub Actions

A few issues ago, in BBRE Premium #22, in the article “Hacking GitHub actions”, I wrote “I think it’s quite a good niche to test GitHub Actions these days.” I’m happy to report that apparently I was right because in March, Cycode published an article about finding...

Burp’s Turbo Intruder

Burp’s Intruder is great. But you know what is better? Turbo Intruder. If you would like to send more requests in the same time than with the built-in Intruder, you are annoyed by the throttling of the community version, or you simply prefer to have more control...