Self-XSS is often perceived as a bug without an impact. However, there is a simple yet impactful method of making a real self-XSS exploit. Surprisingly, this method is not that commonly known and while doing my XSS case study, I didn’t find a single report exploiting...
#54
Burp extension to visualise flows
Some time ago, on BBRE Premium Discord, one of the members recommended the Burp extension from Doyensec to visualize flows in Burp. You can mark a few requests and the extension will generate a graph for you, marking requests with authentication, cookies, CORS, CSP...
Bug Bounty on Steroids by @HusseiN98D
Hussein Daher had a great presentation on Bsides Ahmedabad titled “Bug Bounty on Steroids”. He shows a few writeups and discloses some cheeky tricks. You can check out the whole hour-long video on YouTube or you can continue reading my notes and takeaways. Account...
The AI Attack Surface Map
AI is a new and emerging area, and so is its cybersecurity. One of the very first comprehensive resources about potential attack vectors is this AI Attack Surface Map by Daniel Miessler. Use it as a starting point whenever you are auditing AI-based solutions....
State of DNS Rebinding in 2023
DNS rebinding is quite a complex and misunderstood topic, yet it is a great technique for exploiting SSRFs. Roger Meyer from NCC Group wrote a very comprehensive article about the state of DNS rebinding in 2023, along with some recent vulnerabilities. I’m sure you will...
Boost your productivity with text replacements
I could recommend every episode of the Critical Thinking Bug Bounty podcast here in the dark, without even listening. I just learn so much from every episode. I recently listened to the 16th, about tools for bug bounty hunting. One really caught my attention:...
Crazy client-side bug chain by @jub0bs
jub0bs wrote a blog post with a crazy chain involving almost every single client-side bug class. I especially liked how he was conscious of the permissive CORS policy, so he stepped out of scope to find an XSS to exploit an in-scope domain. But you should definitely read the...