CodeQL is a subject that gets mentioned here quite often. I hope it interests you as much as it interests me. Today, I have for you an article with some basics of CodeQL and the way you can use it to find DOM-XSS in closed-source applications. The idea is to simply download...
GCP and AWS commands cheat sheet
In 2021, I think no one needs an explanation of what the cloud is and why it's so popular. It solves many problems, but it also presents new risks. If you are working in a security team, chances are that sooner or later you will have to learn about cloud security. If you do,...
Client-side secret scanner
I am excited! I've been trying to find a good approach to finding secrets in JavaScript for a while, but I hadn't found one. Usually, what I was doing during pentests was downloading the JS files locally using Burp and then scanning them using gitleaks. A browser...
5-year bug bounty journey
I really like talks like this where someone presents their whole journey. There's much more to learn from it than from 'I scored $XX,XXX bounty'. Today we will take a look at the 5-year bounty journey of shubs who made $850,000 in that period. Not doing it full-time....
Client-side path traversal
Client-side path traversal is a new name for me. Sam Curry mentioned it on his Twitter. I want to share it because I do see some use cases for this trick. It also means that we won't get rid of CSRFs that quickly. What is client-side path traversal about? Let's say...
How to access @company.com email address?
As promised, here's the hacking technique called the ticket trick that I mentioned in the last issue. It was initially found by Inti De Ceukelaire, Head of Hackers at Intigriti. What is it about? Many companies grant employees access to some services based on the fact...
Meditation
Many people, including me, have such an image in mind when first hearing about meditation. However, that's not the only way to meditate. The way more common one, practised by many people, looks more like sitting on a chair with closed eyes - nothing special from the...
Fuzzing WebSockets messages
A few issues ago I presented what is known as client-side WebSocket hijacking. However, this is not the only issue that can occur there. In the end, the backend still processes your input somehow. When it does, standard vulnerabilities with access control or injection...
Hack your resume
In the latest live recon, Nahamsec's guest was Jason Haddix. However, this wasn't a standard episode. This time, they focused on creating an InfoSec resume. If you want to know which things you should focus on to impress HR or the security team, definitely watch...
Approaching GraphQL with introspection turned off
GraphQL is a query language that sits somewhere between the client and a backend system. The backend doesn't have to be a database - it might also be a microservice or even a third-party API. A few years ago it was only "something new", but today more and more companies...