Assetnote blog posts were always great because they would not only tell you what the bug was but also how they found it. They have gotten even better now because, apart from telling you what the bug was and how they found it, they now also tell you how you should look for similar...
#47
Simple and easy JavaScript Analysis
Among other superlatives, I would describe Jason Haddix as the person who has used, or at least tested, every single web hacking tool out there. He’s very much into finding more bugs and saving time by using tools well, so I’m always listening carefully whenever he shares...
Web hacking takeaways from DiceCTF
As some of you may be aware, I began playing CTFs last year. Although I'm still struggling to find enough time to solve them, I try to read write-ups to improve my skills, as these tasks are a great learning resource. Last week, we played DiceCTF and the web tasks...
How to Be An Ethical Hacker: 2023 Edition
The Cyber Mentor released a YouTube video “How to Be An Ethical Hacker: 2023 Edition”. He goes over what you should learn to become an ethical hacker from the very basics up to the more advanced stuff. If you are just getting into the industry, that’s a great...
Fuzzing the Web for Mysterious Bugs by @0xacb
Many modern applications rely heavily on regular expressions for input validation. In addition to validation, our payloads are also often sanitised and normalised. Although it would make sense to use the same process in all parts of a web application, the complex...
Top 10 web hacking techniques of 2022
The results of the Top 10 web hacking techniques of 2022 are here! If I were only restricted to reading 10 web hacking articles per year, I would choose these ones. This is the final list: 1 - Account hijacking using dirty dancing in sign-in OAuth-flows 2 -...
I compared the most popular recon tools. Here are the results – part 1 – passive enumeration
Comparison of the popular recon tools is something I’ve been interested in for a long time. But since there are no public results on this topic, I decided to run the tools myself on various domains. In the first part of the study, I’m comparing the public chaos...