#59

Public Office Hours by Louis Nyffenegger

Louis Nyffenegger is a founder of PentesterLab. Even though I don’t know him personally, I have big respect for him as a hacker, a teacher and a person. He has just decided to offer public office hours where you can chat about careers, learning or even startups. I...

Even more ways to bypass URL validation

While I was reading this tweet from Justin Gardner about leaking OAuth codes, I found a cool research paper in a reply by SickSec. The paper was about URL validation and I didn’t think I would find anything new in it. But I did. For example, these two bypasses I wasn’t...

The Trail of Bits Testing Handbook

Trail of Bits is a company I have massive respect for, so I’m very happy they are releasing their Testing Handbook, which describes how they use different tools for testing. It covers not only installation and everyday usage but also things like...

JSluice: Extract URLs, paths, secrets and more from JS files

TomNomNom is the author of many great hacking tools. This time, he has released something I think we’ve been missing because, to me, the existing tooling didn’t seem good enough. It’s a tool to extract URLs, paths, secrets and other interesting data from JavaScript files...

Whose Input Is It Anyways? by Rael Sasiak-Rushby

Rael Sasiak-Rushby presented a talk titled “Whose Input Is It Anyways?” at BSides Leeds. The talk was interesting to me because he focused on working with developers and understanding their struggles. It will be especially useful for those of you who...

DevTools #3 – Debugging client-side JavaScript

In the last two issues of this course, we covered the browser’s Elements, Console and Network tabs, and then the different ways to set breakpoints. In this issue, we finally get to what to do once the browser hits a breakpoint. This is a massive help for understanding...