Dawid Moczadło wrote a blog post about finding an XSS in Swagger UI. Swagger is a very popular way of presenting API docs. Finding a bug like this allowed him to then find this bug at scale and get many bounties for it....
Articles by Issue
Trailing dot domain bypasses
Last week, I published a video on YouTube about my $1,500 bug in Stripe. It was a domain denylist bypass in a tool that is supposed to prevent SSRFs: https://youtu.be/Ga9o--v-grA The trick I used there was a trailing dot - I shared it in BBRE Premium before: 10...
Deserialisation explained
Deserialisation was one of the bug classes that I didn’t understand for a long time, yet I thought it was a very good, advanced technique. You know, it has a cool name and usually results in an RCE. One of you suggested this topic to me on our Discord, so here it is! Let’s...
Pentest mindset vs bug bounty mindset – my thoughts so far
I got interested in bug bounty a long time ago, shortly after I discovered the web security industry. Since then I knew that I wanted to do it. I am not ashamed to admit that, at first, the main motivator was money. Especially since I live in Poland, where earnings...
Finding bugs that others miss
I miss bugs. You miss bugs. Everyone misses bugs. Just most often, we don’t even know that. But why do we miss bugs? This is the question that James Kettle is trying to answer in his talk called Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss. Here are...
Smart contract security checklist
I haven’t fully gotten into the world of smart contract security yet, but I already see how costly mistakes are here. In this Stack Exchange thread, there’s a checklist for smart contract developers. It is surely not complete but a good starting point....
Copyright-based recon
Jason Haddix has been very active on Twitter recently. Usually, I’m far from recommending Twitter to someone as a good learning source. It’s possible, no question about that, but it’s really hard to filter tips from other Tweets (and this includes my profile!). I’m mostly...
How to pick a bug bounty program?
Z-winK is a new YouTuber, but I very much like his videos. He’s a successful bug hunter and I think our industry misses such people. In one of his videos, he shared the process of picking a bug bounty program. I took some notes for myself and for you. Here they are. He...
Code Review Hotspots with Semgrep
Parsia, a senior security engineer at EA, wrote a great blog post about using Semgrep to... not find vulnerabilities. Semgrep is a code scanner and he uses it in two different ways: To find vulnerabilities. These rules must be fairly accurate and can be integrated with...
6 tricks that I used to solve all Web tasks from NahamCon CTF
Last week, I spoke at NahamCon about debugging. My talk is available here but only for subscribers of the NahamSec Twitch channel. It should be available on YouTube within a week or so, so I’ll make sure to share it in the next issue. I also played the CTF. Although I...