#56

Source code review – catching low-hanging fruit

Manual source code review is tedious and often takes a long time. Albeit tools will never replace a human, utilising tools is simply a smart thing to do. Sometimes, you will be lucky and you will get a bug straight away. I’ve been lucky with it recently. Most of the...

Tips and tricks for Burp Suite Pro by @Agarri_FR

Working productively with Burp suite is key to allowing your mind to focus on the hacking itself and not the usage of the tool. In this talk on NorthSec 2023, Nicolas Grégoire shared a bunch of tricks in Burp but also in a few extensions. Watch the talk yourself here...

Hacking root EPP servers to take control of zones

When you see four names like Sam Curry, Brett Buerhaus, Rhys Elsmore, and Shubham Shah collaborating together, you know their work will result in a serious threat to the Internet. It wasn’t different this time when got the ability to control DNS zones in all of the...

AI Canaries

When I was creating the transcript of my latest video, I asked chatGPT to add some interpunction and change the capitalization of the text, without modifying the content. But in the middle of the text, chat stopped rewriting the transcript and started to explain to me...

iOS deeplink attacks

I used to perform pentests of iOS applications. One of the things I disliked about it was that most local bugs on the device were really hard to exploit. Enough to put them in a pentest report but probably not risky enough to meet the bar for any bounty. However, this...