Capture the Ether. On Capture the Ether, I did two tasks: Token Sale and Token whale. Both of them were about integer over/underflows. Solidity 0.8.0 and later checks arithmetic by default and reverts on overflow (unless the code is wrapped in an unchecked block), so the class no longer applies to modern contracts, but I still think it's good to have these fundamentals. How The Opyn Ethereum Contract was...
Escalating admin access to RCEs in common software
Awesome RCE techniques is a repository that collects ways to escalate an account takeover into an RCE in systems like WordPress, Drupal or Jenkins. They are not zero-days or new attack techniques, but they can often raise the severity of your report....
Bypassing client-side XSS filters
Bypassing filters is one of my favourite things in security. I like to find bugs where developers don't expect them, but it gives me even more satisfaction when I find a bug which the developer tried to prevent, for example, by implementing a client-side XSS filter....
burpsuite-project-file-parser
burpsuite-project-file-parser is an interesting tool for parsing Burp Suite projects. It extracts information from Burp's project file and prints it to the terminal, so you can pipe it into other tools. I remember fighting with Burp to extract all URLs or JavaScript...
Web3 learning corner #6 – a $120,000 clickjacking
Capture the Ether. I continued to solve tasks from the Capture the Ether CTF. I completed the Public Key task, which was rather easy: it is about recovering a public key from an existing blockchain transaction (an ECDSA signature lets you recover the signing key). The Fuzzy Identity task took me much longer than it should have. It was quite...
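The Public Key task turns on one property of ECDSA on secp256k1: from the signature (r, s) and the recovery id v that every Ethereum transaction carries, anyone can recompute the signer's public key, which is why an address that has sent at least one transaction has effectively published its key. The block below is an added example written for this page, not the CTF's solution or any library's code; it implements the curve arithmetic, signing and recovery from scratch so it runs offline. The private key, the message and the simplified deterministic nonce are constructed for the demo (real wallets use RFC 6979), and the recovery id is the raw 0..3 value, which Ethereum encodes as 27/28 in ecrecover and legacy transactions.

```python
import hashlib

# secp256k1 domain parameters (the curve used by Ethereum and Bitcoin)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed demo key for this example only; it is not tied to any real account.
DEMO_PRIV = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result, addend = None, point
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_msg(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def pubkey(priv: int):
    return ec_mul(priv, G)


def sign(priv: int, msg: bytes):
    """Return (r, s, v): a low-s signature plus the raw recovery id (0..3)."""
    z = hash_msg(msg)
    # Deterministic nonce from key and message: a simplified stand-in for
    # RFC 6979. Reusing k across two messages leaks the private key.
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") +
                                      z.to_bytes(32, "big")).digest(), "big") % N
    rx, ry = ec_mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    v = (ry & 1) | (2 if rx >= N else 0)  # parity of R.y, and whether R.x wrapped past N
    if s > N // 2:          # low-s normalisation (Ethereum rejects high s);
        s = N - s           # this negates k, so R.y flips parity
        v ^= 1
    return r, s, v


def recover(msg: bytes, r: int, s: int, v: int):
    """Recompute the signer's public key: Q = r^-1 * (s*R - z*G)."""
    z = hash_msg(msg)
    x = r + (N if v & 2 else 0)
    if not (0 < r < N and 0 < s < N and x < P):
        return None
    rhs = (x ** 3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)  # sqrt works because P % 4 == 3
    if y * y % P != rhs:
        return None  # x is not on the curve
    if (y & 1) != (v & 1):
        y = P - y
    r_point = (x, y)
    inner = ec_add(ec_mul(s, r_point), ec_mul((-z) % N, G))
    return ec_mul(pow(r, -1, N), inner)


if __name__ == "__main__":
    msg = b"constructed demo message"
    r, s, v = sign(DEMO_PRIV, msg)
    print("recovered key matches:", recover(msg, r, s, v) == pubkey(DEMO_PRIV))
```

On a real transaction you would take z as the keccak256 of the RLP-encoded signing payload rather than sha256 of a message, and the address is the last 20 bytes of keccak256(x || y) of the recovered point, which is how the chain itself ties a signature to a sender.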
Google Cloud Platform (GCP) Prize 2021
LiveOverflow published a video covering the winners of the GCP Prizes. It walks through 6 reports about the Google Cloud Platform, and all of them are awesome! They include sick tricks, and some of the reports are very CTF-like, in a good sense...
Bugcrowd researcher templates
Bugcrowd keeps impressing me lately. They created report templates that we can use. Importantly, they didn't restrict their use to their own platform: they published them in a GitHub repo, so you can also use them on other platforms. Here's the repo:...
Learning GraphQL #1 – Basics
GraphQL is something I've wanted to learn for a long time. Of course, I can understand the syntax or write a simple query, but I lack an understanding of how things work from the developer's perspective. So I'm going to make a series where we create a...
Bypassing CSP with dangling markup or WordPress
One of the XSS gurus, Gareth Heyes, described a cool method to bypass CSP with dangling iframes: https://portswigger.net/research/bypassing-csp-with-dangling-iframes This was a cool bug, but a bug in the browser, so you probably won't use this trick in...
Advanced search in VS Code
When looking for bugs in source code, Visual Studio Code is my IDE of choice. The feature I use most is search: searching for vulnerable code patterns, for function usages, for variable names. I do it all the time. VS Code is...