Manual source code review is tedious and often takes a long time. Although tools will never replace a human, utilising tools is simply a smart thing to do. Sometimes, you will be lucky and you will get a bug straight away. I’ve been lucky with it recently. Most of the...
#56
Cookie Bugs – Smuggling & Injection
This blog post by Ankur Sundara once again proved useful for solving a CTF challenge. This time, one player used the empty cookie trick to solve my challenge in an unintended way. More about that in the video I’ll dedicate to the task, but I’m sharing this already...
Tips and tricks for Burp Suite Pro by @Agarri_FR
Working productively with Burp Suite is key to allowing your mind to focus on the hacking itself and not on the usage of the tool. In this talk at NorthSec 2023, Nicolas Grégoire shared a bunch of tricks in Burp but also in a few extensions. Watch the talk yourself here...
Hacking root EPP servers to take control of zones
When you see four names like Sam Curry, Brett Buerhaus, Rhys Elsmore, and Shubham Shah collaborating, you know their work will result in a serious threat to the Internet. It wasn’t different this time, when they got the ability to control DNS zones in all of the...
Story of an RCE on Apple Through Hot Jar Swapping by Frans Rosen
Frans Rosen is one of the hunters whose reports I love the most. They are always at least somewhat novel and crazy. This time, he found an RCE on Apple and used a technique called hot jar swapping: he replaced an already loaded JAR file and walked on a very thin...
AI Canaries
When I was creating the transcript of my latest video, I asked ChatGPT to add some punctuation and change the capitalization of the text, without modifying the content. But in the middle of the text, ChatGPT stopped rewriting the transcript and started to explain to me...
iOS deeplink attacks
I used to perform pentests of iOS applications. One of the things I disliked about it was that most local bugs on the device were really hard to exploit. Enough to put them in a pentest report but probably not risky enough to meet the bar for any bounty. However, this...