The problem of needing another phone number to register a test account on a website is quite an annoying one, especially when the number has to be from a particular country, often the USA. While free SMS gateways are sometimes enough, often they don't work as they...
#36
Preparing a technical presentation
Chelsea Troy wrote an interesting article about preparing a technical talk. I think this kind of material is needed because, while articles about preparing presentations are all over the Internet, there are very few materials about technical talks. They are vastly...
Funny origin of an auth bypass in IIS
Orange Tsai focused his attention on the Microsoft IIS server, specifically its cache. He found three bugs: CVE-2022-22025 (Microsoft IIS hash-flooding DoS), CVE-2022-22040 (Microsoft IIS cache poisoning attack) and CVE-2022-30209 (Microsoft IIS authentication bypass). The...
A niche with good bugs to be discovered
There's a new article on the Sonar blog about exploiting a command injection in VS Code. While it's fairly straightforward, I'd like to draw your attention to this class of bugs: bugs in desktop applications that communicate locally with other tools, including the...
Live hacking events – what do top hunters focus on?
𝚛𝚎𝚣𝟶 tweeted about lessons learned at the last H1-702 live hacking event. Among other things, he shared what he thinks top hackers focus on during these events: client-side JavaScript review (looking for chains, XSS, auth bypasses, etc.), auth bugs (looking for OAuth issues,...
Learning GraphQL #4 – REST API as a data source and path traversals in docs
This episode of the Learning GraphQL series is getting spicy! I'm implementing a REST API as a data source, and it turned out that by following the official documentation I introduced a path traversal into my application! In case you are new, this is a...
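The teaser above does not say how the traversal got in, so here is an added illustration (not code from the series or from any GraphQL library's documentation) of the usual way it happens when a data source builds a request path by string interpolation: a client-supplied ID containing `../` is resolved against the upstream URL and lands on a different endpoint. The base URL, the `users/{id}` route and the hostile input are all constructed for the example.

```javascript
// Added example, not from the original post. Demonstrates how interpolating
// a client-controlled ID into a REST data source's request path becomes a
// path traversal, and two ways to close it. BASE_URL is an assumption.
const BASE_URL = "https://api.example.com/v1/"; // constructed upstream API

// Vulnerable: the ID goes straight into the path. URL resolution then
// applies dot-segment removal, so "../admin" walks out of /users/.
function userUrlVulnerable(id) {
  return new URL(`users/${id}`, BASE_URL);
}

// Fix 1: percent-encode the segment. "/" becomes "%2F", "?" becomes "%3F",
// "#" becomes "%23", so the input can no longer change the request's
// path, query or fragment; "..%2Fadmin" is an ordinary segment, not "..".
function userUrlSafe(id) {
  return new URL(`users/${encodeURIComponent(id)}`, BASE_URL);
}

// Fix 2: allow-list the ID format before it touches the URL at all.
function userUrlStrict(id) {
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(id)) {
    throw new Error("invalid user id");
  }
  return new URL(`users/${id}`, BASE_URL);
}

// Constructed hostile input: traversal plus an injected query and fragment.
const HOSTILE_ID = "../admin/users?role=all#x";

function demo() {
  return {
    vulnerable: userUrlVulnerable(HOSTILE_ID).href, // https://api.example.com/v1/admin/users?role=all#x
    safe: userUrlSafe(HOSTILE_ID).href,             // https://api.example.com/v1/users/..%2Fadmin%2Fusers%3Frole%3Dall%23x
  };
}

console.log(demo());
```

The WHATWG `URL` class used here is what Node and browsers resolve against, so the traversal in `userUrlVulnerable` is exactly what a real HTTP client would send. Note that `encodeURIComponent` leaves dots alone; that is fine because the parser only treats a whole segment equal to `..` (or its percent-encoded spellings) as a dot segment, and `..%2Fadmin...` is one opaque segment.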
Hacking APIs
Corey Ball shared some slides from his workshop about hacking APIs. They can help you organise your knowledge about APIs. He also shows some neat tricks, like transforming mitmproxy requests into the Swagger specification format to feed them to Postman. If that's your...
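The capture-to-Swagger trick mentioned above, as an added example that is not Corey Ball's tooling or slides: a list of captured requests is folded into a minimal OpenAPI 3.0 document of the kind Postman can import. The capture format (method, URL, optional JSON body) is a constructed simplification rather than mitmproxy's own flow format, and the sample requests are made up for the example; the useful part is the path-template inference, which collapses `/users/42` and `/users/43` into one `/users/{users_id}` operation with a path parameter.

```javascript
// Added example, not from the original post or from any specific tool.
// Builds an OpenAPI 3.0 skeleton from a constructed list of captured requests.

// Turn ID-looking segments into path parameters so repeated captures of the
// same route merge. Numeric and UUID-shaped segments are treated as IDs; the
// parameter is named after the preceding segment (/users/42 -> {users_id}).
function inferPathTemplate(pathname) {
  const params = [];
  const template = pathname
    .split("/")
    .map((seg, i, segs) => {
      const isId = /^\d+$/.test(seg) || /^[0-9a-f]{8}-[0-9a-f-]{27}$/i.test(seg);
      if (!isId) return seg;
      const name = `${segs[i - 1] || "item"}_id`;
      params.push(name);
      return `{${name}}`;
    })
    .join("/");
  return { template, params };
}

// captures: [{ method, url, body? }]. Query-string keys become query
// parameters; the first JSON body seen for an operation becomes its example.
function buildOpenApi(captures, title = "Captured API") {
  const paths = {};
  let serverUrl = null;
  for (const c of captures) {
    const u = new URL(c.url);
    serverUrl = serverUrl || `${u.protocol}//${u.host}`;
    const { template, params } = inferPathTemplate(u.pathname);
    const method = c.method.toLowerCase();
    paths[template] = paths[template] || {};
    const op = paths[template][method] || {
      parameters: [],
      responses: { "200": { description: "captured" } },
    };
    const seen = new Set(op.parameters.map((p) => `${p.in}:${p.name}`));
    for (const p of params) {
      if (!seen.has(`path:${p}`)) {
        op.parameters.push({ name: p, in: "path", required: true, schema: { type: "string" } });
        seen.add(`path:${p}`);
      }
    }
    for (const [name] of u.searchParams) {
      if (!seen.has(`query:${name}`)) {
        op.parameters.push({ name, in: "query", required: false, schema: { type: "string" } });
        seen.add(`query:${name}`);
      }
    }
    if (c.body !== undefined && !op.requestBody) {
      op.requestBody = { content: { "application/json": { example: c.body } } };
    }
    paths[template][method] = op;
  }
  return {
    openapi: "3.0.3",
    info: { title, version: "capture" },
    servers: serverUrl ? [{ url: serverUrl }] : [],
    paths,
  };
}

// Constructed sample capture, shaped like what a proxy log would yield.
const SAMPLE_CAPTURES = [
  { method: "GET", url: "https://api.example.com/v1/users/42" },
  { method: "GET", url: "https://api.example.com/v1/users/43?expand=roles" },
  { method: "PATCH", url: "https://api.example.com/v1/users/42", body: { email: "a@example.com" } },
  { method: "GET", url: "https://api.example.com/v1/users/42/orders?page=2" },
];

console.log(JSON.stringify(buildOpenApi(SAMPLE_CAPTURES), null, 2));
```

Write the output to a `.json` file and import it into Postman as an OpenAPI 3.0 definition; every inferred path parameter then shows up as a variable you can fuzz (for example, swapping `users_id` between two accounts to probe for BOLA/IDOR). The ID heuristic is deliberately simple; extend `inferPathTemplate` for the ID shapes your target actually uses.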
$10,000 Reddit OAuth account takeover explained
Some time ago, I wrote on Twitter that I was not going to make a video about the recent OAuth account takeover on Reddit for which Frans Rosen got $10,000, their maximum payout. The reason was that the idea behind the attack is very similar to the ATO on Facebook I...