Critical Thinking is a fantastic podcast about bug bounty led by Justin Gardner (Rhynorater) and Joel Margolis (teknogeek). In particular, I recommend the 10th episode where Justin discusses going full-time bug bounty. One thing that caught my attention is how often...
Articles by Issue
NahamSec videos and NahamCon2023
NahamSec has been very active on YouTube recently, producing a lot of interesting videos like "2023 Web Hacking Roadmap // How To Bug Bounty", "Learn Cybersecurity and Hacking Through CTF!", "Cloud Hacking: The Basics" and "How To Pick Your Targets // How To Bug Bounty". Also, he...
Repository with visual explanations of hundreds of formats
This repository contains hundreds of well-designed graphical explanations of file formats. If you've ever created an exploit in a binary file, you know it can be quite challenging. This repository doesn't make it easy, but it does make the process of...
Secure Code Game
GitHub Security Lab has created a secure code game that allows developers to learn how to secure intentionally vulnerable code. It's definitely worth trying out, especially for those who have been asking me how to get started with code review!...
DigitalOcean Droplet Proxy Burp Suite extension
Whenever I needed to proxy my Burp traffic through another IP address, I would just create an SSH tunnel to a VPS. Of course, the VPS would run all the time because I’m too lazy and it’s too cheap to turn it off and on every day. But Honoki created a Burp plugin that...
Booking.com OAuth account takeover writeup
Last year, my favorite vulnerability vectors were the new OAuth ones. I was quite surprised that we haven't seen more similar attacks. Recently, Aviad Carmel from Salt Security published a write-up of the OAuth account takeover in Booking which works similarly....
Two sides of cautiousness when looking for cache poisoning
This writeup I like and dislike at the same time. On a positive note, I’d like to highlight how AnkitCuriosity was cautious with not actually poisoning real users and invested several hours just to create a reliable cachebuster with which he could prove the bug...
GitHub Security Lab’s 10 bugs in DataHub with vulnerable code snippets
GitHub Security Lab has discovered multiple bugs in the DataHub application. The cool thing is that it's open-source, so the blog post includes the vulnerable code. You often ask me about ways to practice code review, and looking at vulnerable snippets is...
Nuclei Foundation series
The ProjectDiscovery channel now features a series of videos explaining how to use Nuclei, a tool that needs no introduction. The videos are created by PwnFunction so the quality is absolutely top-notch!...
Turning arbitrary file write into an RCE
Arbitrary file write is a very dangerous vulnerability, but its impact is more difficult to demonstrate than that of a file read bug. In a recent blog post, Maxence Schmitt and Lorenzo Stella from Doyensec describe a technique they used to turn arbitrary file write...