In my recent XSS case study, there were 3 copy & paste XSSes. While I was familiar with the general underlying mechanism, I didn’t know exactly how it works under the hood. This article by spaceraccoonsec describes those mechanisms in a writeup of a bug in Zoom....
Articles by Issue
DOs and DON’Ts I would tell my younger self before starting bug bounty
Every journey consists of good and bad things. While it’s impossible to just follow other people, it’s wise to learn from their stories. In this article, I’ll write a few things that would benefit me had I heard them a few years ago. I’m sure you will find here...
$1 mln bounty in Aurora blockchain for no input sanitisation bug
Bugs in the Web3 world are quite insane! And so are the bounties. In the last video, we've covered the vulnerability in Aurora that allowed taking money from anyone's wallet without any interaction from them. https://youtu.be/Ol62FnY6mw8
4 scenarios where you can still find CSRFs in 2023
I’ll admit I was mistaken about the impact of SameSite cookies on CSRFs. I thought that when browsers started defaulting to SameSite=Lax, CSRFs would vanish. Surely, the number of CSRFs is decreasing, but by no means have they vanished. In this article, I’ll show you...
Web3 Security Library
A lot of you ask me about Web3 content. I will be publishing some videos about it soon, but in the meantime, check out the repo where the Immunefi team gathers all the resources: guides, tools, bugfix reviews and everything else about Web3 security....
Hacking popular car manufacturers
I don’t know about you, but I’ve always been curious about car hacking. It’s just more tangible than hacking a website. Sam Curry published a thread about hacking cars. Not by taking them apart but by attacking their web-facing APIs....
Inti’s research on phone numbers (RFC3966)
I am a huge fan of Inti. He just reads RFCs carefully and finds good bugs by implementing what’s written there. This time, he took a look at the phone number formats and, among others, popped an alert on Google. For now, the talk is available if you are NahamSec’s...
The basics of CSP bypasses
To be honest - I don’t like Content Security Policy. It’s unclear which programs accept XSSes without a bypass and which do but with lower severity. If you’ve watched the Stipe bounty vlog, you know my story - I almost didn’t report 2x$2,000 XSSes because I didn’t have...
Finding WAF bypass step-by-step
I really like this blogpost by @pmnh_ . He shows the whole process of constructing this crazy-looking payload from scratch. While you can never learn experience, the closest you can get is by understanding someone’s thought process, and I think it was really well...
When frameworks say one thing but they mean another…
HEAD is a method that’s kinda like a GET but without a response body. It’s not that commonly used but useful in some contexts, so frameworks want to support it. Moreover, they want to support it without explicit work required from developers. Thus, many frameworks...
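The teaser above describes the HEAD method and the fact that frameworks want to support it without developers writing a HEAD handler. The following is an added illustrative model of that implicit support, written for this page; it is not code from the newsletter, the linked article, or any particular framework, and the `Router` class, the `/report` route and the `implicitHead` flag are assumptions made up for the illustration. It shows what a HEAD request looks like from inside a GET handler: the GET handler's code runs (side effects included), the status and headers are kept, and only the body is dropped, while `req.method` inside the handler still reads "HEAD".

```javascript
// Added illustrative model of implicit HEAD support, as found in many web
// frameworks. Not code from the newsletter or from any specific framework.

class Router {
  constructor() {
    this.routes = new Map(); // key: "METHOD /path" -> handler(req) => response
  }

  on(method, path, handler) {
    this.routes.set(`${method} ${path}`, handler);
  }

  dispatch(req) {
    let handler = this.routes.get(`${req.method} ${req.path}`);
    let implicitHead = false;

    // No explicit HEAD route: fall back to the GET handler, as frameworks do.
    if (!handler && req.method === "HEAD") {
      handler = this.routes.get(`GET ${req.path}`);
      implicitHead = true;
    }
    if (!handler) {
      return { status: 404, headers: {}, body: "", implicitHead: false };
    }

    // The handler sees req.method === "HEAD" but runs the GET code path.
    const res = handler(req);

    if (req.method === "HEAD") {
      // HEAD semantics: same status and headers as GET, body discarded.
      return { ...res, body: "", implicitHead };
    }
    return { ...res, implicitHead };
  }
}

// Build a tiny app with one GET route that records which methods reached it.
function buildApp() {
  const router = new Router();
  const methodsSeen = []; // side effect: shows the handler ran even for HEAD

  router.on("GET", "/report", (req) => {
    methodsSeen.push(req.method);
    const body = JSON.stringify({ generated: true });
    return {
      status: 200,
      headers: {
        "content-type": "application/json",
        "content-length": String(body.length),
      },
      body,
    };
  });

  return { router, methodsSeen };
}

// Convenience: dispatch one request against a fresh app and return the
// response together with the methods the handler observed.
function handle(method, path) {
  const { router, methodsSeen } = buildApp();
  const res = router.dispatch({ method, path });
  return { res, methodsSeen };
}
```

The practical consequence for reviewers: any check inside a handler that keys on `req.method === "GET"` will not match when the request arrives as HEAD, yet the handler's GET logic still executes. When auditing a route, test it with HEAD as well as GET.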