NIST published a document that defines terminology in the new and growing industry of security around AI. I’m no authority in this industry, but @rez0 is, and he described the document as “the best AI Security Publication that he’s ever seen” and that’s a very strong...
#68
Blind XSS in Apple’s website leads to a Harry Potter quote
Sam Curry discovered a blind XSS in the email field in one of Apple’s websites and found a quote from Harry Potter left on the internal website by an employee. From a technical standpoint, this is the email address that he used: If you want to know why this is a valid...
The Find command by @TomNomNom
My terminal workflow improved drastically after watching TomNomNom’s video with STÖK about using many useful bash commands. And it was only 36 minutes… That’s why I’m very happy to see Tom publishing his own videos because I know that he uses tools you and I use daily...
Gunnar Andrews – How I Built Recon to Scale with Serverless Architecture
Even though I do identify as a manual hacker, once in a while I still have to spin up a server to test something. Or I want to run a script for, say, diffing JS files. I’m neither good at managing infrastructure nor do I enjoy it, so I’ll usually spin up a...
XSS With Hoisting
JavaScript hoisting (yes, “hoisting” and not “hosting”) is a feature of this language I hadn’t known about until recently but then I heard about it in the CTTB podcast, saw a challenge by Johan Carlsson and read a blogpost by @brutelogic. It’s a feature that allows...
3 Nginx tricks for auth bypass
Understanding Nginx and its potential misconfigurations can lead you to find many vulnerabilities. In this article, I’ll show you Nginx tricks I learnt from a CTF I played at the 37C3 conference. It’s not a task writeup - I’ll focus on parts of the task that can be...