#50

DigitalOcean Droplet Proxy Burp Suite extension

Whenever I needed to proxy my Burp traffic through another IP address, I would just create an SSH tunnel to a VPS. Of course, the VPS would run all the time because I’m too lazy and it’s too cheap to turn it off and on every day. But Honoki created a Burp plugin that...

Nuclei Foundation series

The ProjectDiscovery channel now features a series of videos explaining how to use Nuclei, a tool that needs no introduction. The videos are created by PwnFunction so the quality is absolutely top-notch!...

Turning arbitrary file write into an RCE

Arbitrary file write is a very dangerous vulnerability, but its impact is more difficult to demonstrate than that of a file read bug. In a recent blog post, Maxence Schmitt and Lorenzo Stella from Doyensec describe a technique they used to turn arbitrary file write...

The Ultimate CVSS Guide for bug bounty

CVSS is a uniform way to describe the severity of a bug. It has received a lot of criticism for its flaws over the years. However, we still use it and we'll keep using it for now. Not because it's perfect but because we don’t have anything better. Incorrectly...