#36

A tool to get a USA phone number

Needing another phone number to register a test account on a website is quite an annoying problem, especially when the number has to be from a particular country, often the USA. While free SMS gates are sometimes enough, often they don’t work as they...

Preparing technical presentations

Chelsea Troy wrote an interesting article about preparing a technical talk. I think this kind of material is needed because while articles about preparing presentations are all over the Internet, there are very few materials about technical talks. They are vastly...

A niche with good bugs to be discovered

There’s a new article on Sonar Blog about exploiting a command injection in VS Code. While it’s fairly straightforward, I’d like to draw your attention to these kinds of bugs - bugs in desktop applications that communicate locally with other tools, including the...

Live hacking events – what do top hunters focus on?

𝚛𝚎𝚣𝟶 tweeted about lessons learned at the last H1-702 live hacking event. Among others, he shared what he thinks top hackers focus on during these events: Client-side JavaScript review (looking for chains, XSS, auth bypass, etc.), auth bugs (looking for OAuth issues,...

Hacking APIs

Corey Ball shared some slides from his workshop about hacking APIs. It can help you organise your knowledge about APIs. He also shows some neat tricks like transforming mitmproxy requests into the Swagger specifications format to feed them to Postman. If that’s your...