If you haven't yet watched my video from last week, please watch it or add it to the "Watch Later" playlist. In my opinion, it's a really cool bug! https://youtu.be/YYLqzj5-N7w
Articles by Issue
Do you allow yourself to rest?
As mentioned in the intro to the email, I just came back from the holidays. I had a lot of free time to think and I realised a sad fact about myself: I can't rest properly unless I'm on holiday 🙃. I was always very strict regarding my employment - no overtime,...
Salesforce Lightning Components Security
In my previous job, we had quite a lot of Salesforce applications for testing. A big part of them used Lightning Components and I will tell you that the bodies of those requests were a complete mess! There were tons of parameters but only a few were actually relevant....
Thoughts about a triage
There has been a lot of talk about triagers lately on Twitter. As much as I like Twitter, I don't think it's a good place to form an idea about this situation. In my opinion, it's better to read a blog post by a respected hacker to see what his...
AWS security labs
For anyone interested in cloud security, these labs from KONTRA are a must-do. They are free and at the moment there are 13 labs available, covering different aspects of AWS security. The best thing about them is that they really make you understand the bug and see...
Is bug bounty good as a full-time job?
Bug bounty can be considered by many a dream job - you have no boss, you hack whenever you want and wherever you want and, of course, you make tons of money. This is a reality for some, but for many, it's not that simple. In the article "THE SHOCKING TRUTH...
How zseano approaches a new target?
There are many tips on the Internet about specific types of vulnerabilities. However, before actually exploiting anything you must first pick a target, discover the specific asset and then a specific functionality. There's little information about how to actually...
Unicode Normalization Vulnerabilities
Unicode normalization. It sounds awesome, doesn't it? Imagine finding a high-risk Unicode normalization bug and sharing it with your fellow pentesters or with your Twitter followers. They probably won't even know what this is and your respect will go over the...
A tool for “grepping the Internet”
WARCannon, a tool released at Black Hat, is supposed to enable hackers to search for vulnerabilities on a large scale using data from CommonCrawl. It would be especially useful for those doing novel research, such as request smuggling. Then, testing the same bug on the...
How I always remember about things to do?
Note: what works for me might not work for you. Sometimes when I have a conversation on Twitter, someone suggests that I make a video about a topic. I tell them that I will come back in some time with the answer as to whether I will do it or not. Then, when I eventually do, I see...