As some of you may be aware, I began playing CTFs last year. Although I'm still struggling to find enough time to solve them, I try to read write-ups to improve my skills, as these tasks are a great learning resource. Last week, we played DiceCTF and the web tasks...
Articles by Issue
How to Be An Ethical Hacker: 2023 Edition
The Cyber Mentor released a YouTube video “How to Be An Ethical Hacker: 2023 Edition”. He goes over what you should learn to become an ethical hacker from the very basics up to the more advanced stuff. If you are just getting into the industry, that’s a great...
Fuzzing the Web for Mysterious Bugs by @0xacb
Many modern applications rely heavily on regular expressions for input validation. In addition to validation, our payloads are also often sanitised and normalised. Although it would make sense to use the same process in all parts of a web application, the complex...
Top 10 web hacking techniques of 2022
The results of the Top 10 web hacking techniques of 2022 are here! If I were only restricted to reading 10 web hacking articles per year, I would choose these ones. This is the final list: 1 - Account hijacking using dirty dancing in sign-in OAuth-flows 2 -...
I compared the most popular recon tools. Here are the results – part 1 – passive enumeration
Comparison of the popular recon tools is something I’ve been interested in for a long time. But since there are no public results on this topic, I decided to run the tools myself on various domains. In the first part of the study, I’m comparing the public chaos...
SQLi Case Study
I never look for SQL injection vulnerabilities. To be honest, I don’t even think about SQLi these days, considering it’s a thing of the past. But am I right doing that? Well, there’s only one way to find out! Extract all the disclosed reports from the Internet and do...
Google OSV-Scanner
OSV-Scanner is Google’s tool to find existing vulnerabilities affecting dependencies. I think it’s a good addition to your SSDLC. https://github.com/google/osv-scanner
4-part series about hacking GitHub Actions workflows
If I were to predict what attacks will be growing in popularity in 2023, I would bet it’s different kinds of software development pipelines. It’s because they are getting more automated and do more things by themselves which opens more possibilities for nice attacks....
What advice would top hackers give to beginners?
NahamSec asked an excellent question on Twitter recently. Here are some of the responses that I resonate with: https://twitter.com/NahamSec/status/1605592932458778625
Finding bugs by reading RFCs
Every hacker has a different hacking style. Some of them are absolutely fascinating to me like the hacking style of Inti. He likes to simply read the docs or RFCs and do the research. It almost sounds too stupid to work but his findings prove it does. In his recent...