If you are reading this on your laptop or desktop PC, your phone is probably lying right next to it. Maybe you even received some notifications while reading this email. Perhaps you checked yourself whether there's anything new on the web? Statistics say that we...
Articles by Issue
Everything about 2FA
With the number of password leaks in recent years, 2FA (two-factor authentication) is being implemented in more and more systems, including, of course, those with bug bounty programs. There are quite a few things that can go wrong when implementing 2FA, and you should...
Over 200 public pentest reports
Pentesting reports are usually confidential. If you do regular pentests, you know that your reports mustn't be shared with anyone. It's likely that you have only seen reports from companies you worked at, and you think that you just can't read other ones...
Free DNS tool
The DNS protocol can be used for many different purposes: exploiting SSRF via DNS rebinding, exploiting SSRF via multiple A records, exfiltrating data when HTTP traffic is blocked, even XSS, etc. However, setting up a DNS server for all those purposes is definitely not...
Generating a web application
This is not really a security link, but I just wanted to send it to you. Imagine.ai is a free service that generates a REST API for you based on the model that you create. Like many new things, it uses artificial intelligence. It's probably the trend that more and...
How to not plan the day?
Let's say it's a Saturday and I'm creating the video for Monday. I do have some time, because there's still Sunday coming when I can finish it, but I'd rather do more on Saturday and have Sunday free. I don't have anything special scheduled - the...
Testing iOS apps without a physical device
Anyone who has ever tested iOS applications knows that it's neither an easy nor a well-documented process. It's really hard to get started, and tools change all the time. Part of the reason is that you needed a physical device with an iOS version vulnerable to...
50 SSRFs found in ColdFusion
3 weeks ago on my channel, I published a video about a 0-day in Lucee that was exploited on an Apple server. The video is doing really well, closing in on 10k views, so you have probably seen it already and are familiar with ColdFusion and CFML tags. It turned out that 50 (!)...
Many struggled for hours, he did it in 57 minutes
What an XSS-themed issue of the BBRE newsletter this is... This time, take a look from yet another side. Intigriti is known for awesome and really hard monthly XSS challenges. The June XSS challenge was completed by only 16 hackers! It's hard to tell how many tried...
Finding DOM-XSS with Untrusted Types
Speaking of DOM-XSS... It's definitely the hardest XSS type to find. I remember when I was at a presentation by Krzysztof Kotowicz from Google about Trusted Types, where he mentioned how many of their bug bounty reports are DOM-XSS. I was like "DOM-XSS? I...