A lot of you ask me about the Web3 content. I will be publishing some videos about it soon but in the meantime, check out the repo where the Immunefi team gathers all the resources about guides, tools, bugfix reviews and everything else about Web3 security....
#44
Hacking popular car manufacturers
I don’t know about you but I’ve always been curious about car hacking. It’s just more tangible than hacking a website. Sam Curry published a thread about hacking cars. Not by taking them apart but by attacking their web-facing APIs....
Inti’s research on phone numbers (RFC3966)
I am a huge fan of Inti. He just reads RFCs carefully and finds good bugs by implementing what’s written there. This time, he took a look at the phone number formats and, among others, popped an alert on Google. For now, the talk is available if you are NahamSec’s...
The basics of CSP bypasses
To be honest - I don’t like Content Security Policy. It’s unclear which programs accept XSSes without a bypass and which do but with lower severity. If you’ve watched the Stripe bounty vlog, you know my story - I almost didn’t report 2x$2,000 XSSes because I didn’t have...
Finding WAF bypass step-by-step
I really like this blogpost by @pmnh_. He shows the whole process of constructing this crazy-looking payload from scratch. While you can never learn experience, the closest you can get is by understanding someone’s thought process and I think it was really well...
When frameworks say one thing but they mean another…
HEAD is a method that’s kinda like a GET but without a response body. It’s not that commonly used but useful in some contexts so frameworks want to support it. Moreover, they want to support it without the explicit work required from developers. Thus, many frameworks...
Abusing HTTP hop-by-hop request headers
I learnt recently that the Connection header can have other values than close or keep-alive. When you put a header name there, it should mark the header as hop-by-hop which means it shouldn’t be forwarded further by the reverse proxy. You can use it in some more...
Exploiting Open Graph and oEmbed protocols
Whenever we share a link over social media, a preview like this shows up. To be honest, I thought it was coded separately for services like YouTube and that for smaller ones, it was just extracted from the page’s title, its URL and maybe some smart crawling functionalities...