#34

Cloud learning resource

Recently, one of the BBRE Premium subscribers asked on our Discord server about resources to learn AWS. As I know little to nothing about AWS, I had to reach out to my good cloud-oriented friend, @_pkusik, and he recommended A Cloud Guru to me. I thought I would share it...

Browser security resources

Cezary Cerekwicki, head of product security at Opera, compiled a list of browser security learning materials. It’s definitely for you if you are interested in hacking browsers but even if you’re not, there are some references like Public Suffix List or whitepapers...

Bug bounty isn’t a ‘get-rich-quick’ scheme

Ajax Chapman shared some thoughts about the bug bounty industry and the takeaway for me is that, contrary to somewhat popular expectation, it’s not a get-rich-quick scheme and it takes a lot of work to become successful. I think that for most people in my audience...

DOM clobbering

I think it’s really rare in our industry to see a well-written and detailed article about a non-beginner-level topic. So I’m that much happier to see this article by 0xGodson about DOM clobbering. It’s a complex subject and I never really invested time into...

Learning GraphQL #2 – mutations

In the last lesson from this course, we covered basic queries, arguments, aliases, fragments and variables. In the meantime, I also started creating my own server that relies on GraphQL. So far, it’s pretty much a hello world example but over this course, I will...

Mark Dowd – How Do You Actually Find Bugs?

Mark Dowd presented a great keynote at OffensiveCon22 titled “How do you actually find bugs?”. He talked a lot about the mindset and problems that security researchers encounter. I think there are a lot of tips we can learn from it. Here are my notes. The mindset To...