From my experience, it's not rare to see an application that has misconfigured CORS. However, there's a great chance this is not exploitable anyway. Either the application doesn't use cookies but an Authorization header instead, or the cookie has a...
A tool to find blind-XSS
When testing a website, ideally you have access to every user role in the system. However, that's often not the case, especially in bug bounties. Thus, access to the panel where "contact us" messages land is hard to obtain for most programs. However, that should not...
How to Hack APIs in 2021?
APIs are becoming more and more popular these days. That's why we, as hackers, must also follow the trend and focus more on API-related vulnerabilities. hakluke and Farah Hawa assembled a really great article about hacking APIs in 2021. It's really extensive...
HTTP/2 request smuggling
If you told me you only wanted to watch one security talk per year, without a doubt I would tell you to watch James Kettle's yearly research presented at DEFCON or Black Hat. This year, he came back with request smuggling, but over HTTP/2, which was meant...
How to get started in bug bounty? feat. STÖK and NahamSec
During DEFCON, there were some nice Red Team Village livestreams on Twitch. I found one particularly interesting, where NahamSec talked with STÖK about starting in bug bounty. STÖK was the guest and NahamSec was the host, but he still added some valuable tips. There were...
Exploiting differences in parsers
Last week, the article about securing XML implementations was the most popular one in other newsletters. Originally, I was also going to use that one, but I decided to go for something unique instead while staying within the XML subject. Namely, I want to show you how...
Hotspots
Today, many of us are in a constant rush, with more to do than time to do it. Many things are postponed to "when we finish X", which never comes because life always gives us new duties. We have so much to do that we have no time to think about what we should...
CodeQL and bugs in NSA’s application
Let's come back to the subject of source code review and CodeQL. CodeQL is a source code analysis tool that does more than just grepping the code for patterns. It runs a semantic analysis - it understands the code just like a compiler or interpreter. CodeQL tries...
Mistakes pentesters make in bug bounty
One more article from hakluke today: "HOW TO SUCCEED IN BUG BOUNTIES AS A PENTESTER". I like this one in particular. Why? Because I was in the exact same spot in 2019 as hakluke mentions in the article. I had 1 year of experience in pentesting, I could do a...
10 tips for beginner bug bounty hunters
Here are 10 tips from hakluke for crushing bug bounty in your first year. Watch the video here, or read my notes here if you prefer. First, starting from nothing is hard, even if you are coming from a security background, e.g. you were a pentester. Unlike in the video,...