I’m getting messages asking about some CTF writeups as I’m playing them quite regularly. I will make some video writeups but only once in a while. Other ones I and other JCTF players will do (sometimes we have to due to a good finishing position) will be published on...
#42
A surprising characteristic of a Connection header and scaling 0days
This blogpost is so good! It’s about cache poisoning on Akamai servers for which hunters eventually got over $50,000. There are two major takeaways for me. The connection header: Take a look at this request. When I first saw it, I thought “WTF does the Connection:...
How to make notes about a target? +my Notion template
When I was a pentester, I didn’t feel the need to make exhaustive notes about my targets. Usually, projects started on Monday and ended on Friday so everything I needed was either in my head or easily findable in Burp history. However, I could definitely benefit from...
How much money I made in my first year of bug bounty?
In bug bounty, we lack transparency yet I think it can hugely benefit many people. It surely would benefit me if I saw transparent people at the beginning of my career. I decided to be transparent myself and I made a video about how my first year after quitting...
Tips for working with obfuscated JavaScript – .js.map files
Working with obfuscated JS is hard and I hate to admit it but I’m sure the obfuscation has hidden some bugs we all could have found. However, there are a few things we can do to either avoid having to deal with them or make them easier to read. The .js.map file format...