#41

Connection Contamination

I still feel like HTTP/2 is a relatively new thing but already, James Kettle looks forward to what threats will occur in HTTP/3. In this article, he describes connection contamination - a technique that you can use to escalate your XSS on one target’s subdomain into...

DEF CON 30 Presentations

The presentations from DEF CON 30 are now available on YouTube! I haven’t watched any of them yet but one that sounds very interesting to me is DEF CON 30 - Dongsung Kim - CSRF Resurrections Starring the Unholy Trinity The whole playlist:...

You don’t need a VPS to expose your server to the Internet

Like most home Internet connections, my Internet service provider doesn’t give me a public IP address on which I could expose anything to the Internet. When I need to, I’m using a VPS. Pretty much the only reason I’m paying for it is because a few times a month, I...

Recon – tools for wildcard scope vs open scope

In the survey I mentioned in the intro, a lot of you said that you struggle with recon and you’d like more tips about that. Here is a great article by Golden where he wrote down concrete tools that he uses for recon. What I like about it is how he divided which ones...

3 cool bugs from 0xLupin’s H@cktivitycon talk

Roni Carta presented a few vulnerabilities on Hacktivitycon during the H1-702 Live Hacking Event in Las Vegas. I think it not only has great bugs in it but also it’s a fantastic example of how to make a technical presentation that’s also engaging and funny. Here are...

Excellent bug bounty tips from @Rhynorater

Justin Gardner recently wrote Twitter threads with excellent tips, some of them very uncommon. The first one was about a couple of things that he always checks when looking at a web application . The whole thread is really good but two things caught my attention: The...

How to avoid being overwhelmed when reviewing the code?

The beginning of a new project can be very overwhelming - you don’t know what your target does, what technologies they use and you have no idea what bugs you should expect. The source code, although generally helps, can sometimes be even more confusing. Especially if,...