None of us manual hackers has an infinite number of bugs to report. Sometimes, we need a few hours to find a bug but at other times, we need days or weeks. So when we finally have it, it would be stupid to write a poor report and get a bounty lower than we deserve....
#65
Caido catching more traction
For a long time, Burp Suite was basically the HTTP proxy that everyone was using despite numerous problems that we have had with it. However, Burp’s competitor, Caido, has been gaining more and more traction recently and is getting more people on board. I’m happy to see it...
Hunting For Amazon Cognito Security Misconfigurations by @Yassineaboukir
AWS Cognito is a cloud solution to handle authentication and authorization for developers. I’m sure not having to handle this part sounds awesome for them because there are many mistakes you can commit in this functionality. But while AWS Cognito handles a lot of...
Bounty of an Insecure WebView: XSS, but with Steroids
I regularly get asked about mobile bugs in bug bounty. I often say that many bugs regarding, for example, mobile storage that I reported during pentests are not severe enough to qualify for a bounty. There are, however, bug classes that are definitely worth looking...
Hacking Google Bard – From Prompt Injection to Data Exfiltration
For me, the moment that Google Bard got access to Gmail and Google Docs was the moment I stopped seeing new bug classes like prompt injection or jailbreak escapes as attacks of the future and started to see them as having real, severe impact here and now....
Severe HTTP request smuggling bug chain
I always read and watch James Kettle’s presentations about request smuggling to understand the new attacks. However, a lot of the time I then don’t see how they are exploited in the wild. That’s why I liked this article by D3D where he showed how he was able to send all...