#69

WebSecurity Academy Web LLM attacks

Portswigger’s WebSec Academy now has a section with Web LLM attacks. I’m always saying it’s a great resource and I’ll definitely do these labs soon. https://portswigger.net/web-security/llm-attacks

37C3 – Breaking “DRM” in Polish trains

This talk isn’t about bug bounty. It isn’t even about the web. But it’s such a cool hacking story. In short, suspiciously, some trains in Poland were not working properly and the company that was using them hired hackers from the Dragon Sector CTF team. They reversed...

Migrating my JS Monitoring script to AWS

A few weeks ago, in issue 66, I showed you a Python script that implements Justin Gardner’s approach to monitoring JS files. Then, in issue 68, I shared my notes from Gunnar’s presentation about serverless. In this issue, I will combine the two and I will migrate my...

How to use Burp’s Bambda mode? +examples

The search functionality in a tool like an HTTP proxy is one of the most important ones. Burp recently added the Bambda mode to filter requests using code. I’ve seen some people on Twitter praising this functionality. Thus, I took a look at the documentation and I...