Mark Rober, a Youtuber with a slightly bigger audience than me (19 million subs, only 19 million more than me) made an experiment. He gave his audience the simple coding challenge to lead the car from the start to the finish using code blocks. This doesn't matter...
#7
How to identify an unknown secret?
pywhat is a python script that can identify what string you gave him. It's useful when you find some secret in JS or in a mobile application and you don't know did you find. Of course, it won't help with completely random secrets but it will be useful for...
Examples of dangerous code in Java, .NET, PHP and Ruby
If you are doing a white-box test then it's good to know what functions in what language can be dangerous. Inon Shkedy has shared a few links to the best website with documentation in the world - StackOverflow. There are instructions on how to immediately spot...
The book of secret knowledge
This GitHub repo contains a mass of links and resources from the security world. Everything in one place. For us, the most interesting chapter is of course Hacking/Penetration Testing and specifically: Pentesters arsenal tools - you will definitely find here some...
Should you stop using alert() in XSS?
You say XSS, I think alert(). However, it might no longer be the ideal proof of concept for cross-site scripting. Some malicious adverts were using alert() for social engineering from iframes on legit websites. Chrome made the decision that alerts will no longer work...
Collaborating in bounties
Have you ever wondered if collaborating on bounties is right when you are a beginner? If yes then there's a good article by zseano. He interviewed 4 hackers from his BugBountyHunt3r platform that started collaborating together. They were able to find 25...
Browsing files from your VPS using Visual Studio Code
Many hackers use VPS a lot. VPS stands for virtual private server and it's basically a machine somewhere in the cloud that you control. Some benefits from using them are that you don't need to install all hacking tools on your personal machine and if your IP...
DNS takeover vulnerability
Standard subdomain takeovers are done using dangling CNAME records. This type of vulnerability is so popular that it's highly automated by now. However, it's not the only type of subdomain takeover. There's also a subdomain takeover that relies on leftover...
$20,000 RCE in GitLab via 0day in exiftool
If you haven't yet watched my video from last week, please watch it or add it to the "Watch Later" playlist. In my opinion, it's a really cool bug! https://youtu.be/YYLqzj5-N7w