This is not really a security link but I just wanted to send you this. Imagine.ai is a free service that generates a REST API for you based on the model that you create. Like many new things, it uses artificial intelligence. It's probably the trend that more and...
#6
How not to plan the day?
Let's say it's a Saturday and I'm creating the video for Monday. I do have some time because there's still Sunday coming when I can finish it but I'd rather do more on Saturday and have Sunday free. I don't have anything special scheduled - the...
Testing iOS apps without physical device
Anyone who has ever tested iOS applications knows that it's neither an easy nor a well-documented process. It's really hard to start and tools change all the time. Partly, the reason for that is that you needed a physical device with the iOS version vulnerable to...
Many struggled for hours, he did it in 57 minutes
What an XSS-themed issue of the BBRE newsletter this is... This time take a look from yet another side. Intigriti is known for awesome and really hard monthly XSS challenges. The June XSS challenge was completed only by 16 hackers! It's hard to tell how many tried...
50 SSRFs found in ColdFusion
3 weeks ago on my channel, I published a video about a 0-day in Lucee that was exploited on an Apple server. The video is doing really well, closing in on 10k views, so you probably saw it already and you are familiar with ColdFusion and CFML tags. It turned out that 50 (!)...
Finding DOM-XSS with Untrusted Types
Speaking of DOM-XSS... It's definitely the hardest XSS type to find. I remember when I was at the presentation by Krzysztof Kotowicz from Google about Trusted Types where he mentioned how many of their bug bounty reports are DOM-XSS. I was like "DOM-XSS? I...
How do XSS experts bypass CSP?
Gareth Heyes is one of the best in the world when it comes to XSS. Lately, he found a great XSS in PayPal. Initially, the report was rejected because PayPal requires you to bypass the CSP. Although he thinks that XSS should be accepted without a Content Security Policy...
From 0 to TOP7 Hackerone in 2 years
Ahmad Halabi was the top 7 hacker on HackerOne in 2020 after starting bug bounties only in June 2019!! It's a huge achievement in my opinion. Add to that that he only received a mobile phone with an internet connection in 2016. That's only 5 years ago! It...