I’ll admit that I have a strange feeling of relief because of the current AI hype. I wanted to learn something new for a long time now. There was Web3 for a while but it didn’t convince me as a user. I saw the huge bounties, I saw the success of Gary V and I thought...
Articles by Issue
Hackers are Shifting Left, Too – Spaceraccoonsec
Shift left is the trend where developers introduce security checks as early as possible in the development lifecycle. Along with some other factors, it makes the software more secure. However, every time you introduce any component to the pipeline, you also introduce...
ReconAIzer – Optimize your recon with GPT
ReconAIzer is a Burp extension that lets you optimize recon by asking GPT to suggest things to do. I have yet to test it, but I surely will! https://github.com/hisxo/ReconAIzer
Ultimate 401 and 403 bypass methods
Klaudia from Vidoc Security wrote a blog post about various ways to bypass 401 or 403 status codes. I didn't know all of them. For example, I didn't know that in Spring Framework < 5.3, if you map your route to /admin, by default it will also be mapped to...
XSS attacks via Content sniffing
In short, content sniffing is a bug that causes the browser to interpret a response without a Content-Type header as HTML. This vulnerability can be exploited to smuggle XSS payloads in files like images. I was aware of this issue and had found a few XSS...
Good Web Security course for beginners
People often ask me for recommendations on a good introductory web security book or resource. While I learned from the legendary “Web Application Hacker's Handbook”, it was already out-of-date by 2017, so I hesitate to recommend it today. A course from Stanford...
How to maximise payouts for file disclosure bugs? File disclosure case study
Path traversals may seem like an easy vulnerability class - read /etc/passwd, send a report, done. But it’s only scratching the surface. What about file writes? What files to read to prove the impact? How to turn it into RCE? To answer these questions, I went on the...
Top-Tier Bug Bounty Hunter Mindset
Over the years, Yassine Aboukir has transformed from reporting lots of NAs and Informationals to discovering lots of cool, impactful bugs and even receiving a Most Valuable Hacker award at a Live Hacking Event. In his recent talk, he described how he changed his...
Is GPT good enough already to find bugs for you?
A lot of you have been asking me to create some AI-related articles and explain how we can use it for bug bounty. While I do believe that AI will help us a lot in the future, so far I have not found a suitable use case for finding bugs. I do, however, find it...
How to write a new CodeQL query and maximise payout? RCE via ZipSlip query
Some of you might have seen on Twitter that I recently received my highest bounty of $5.5k from GitHub Security Lab for a CodeQL query that detects RCE via ZipSlip. It’s my second CodeQL bounty and I'm really happy with the return on investment I get from it. If...