Articles by Issue

Prototype pollution

If you have ever run the npm audit command, you probably saw hundreds of alerts about prototype pollution. The majority of them are false positives - unexploitable in real life. However, this vulnerability is definitely not just noise, especially in Node.js...

Metaskills

Learning XSS, XXE, deserialization or any other bug class. It's what we often think about when talking about becoming a better hacker. However, there's a whole bunch of non-security-related skills that may yield an even better return on invested time. I call them...

CI/CD Pipeline threat matrix

As we see from Dependency Confusion or “CI Knew There Would Be Bugs Here” — Exploring Continuous Integration Services as a Bug Bounty Hunter, CI/CD security is at least as important as the security of the application itself. At my last job, I was learning about these...

HTTP/2 Request smuggling labs

Portswigger released the long-awaited WebSec academy labs about HTTP/2 request smuggling. I haven't done them yet, but I surely will. Did you try them already? If yes, let me know what the hardest part was for you. Maybe it's worth making a video about it🤔...

Turbo Intruder observedWords

If you enable the "learn observed words" setting during the passive scan, the observedWords wordlist becomes available to you in Turbo Intruder. It's a dynamic list of words that Burp sees in your target. You can access it via wordlists.observedWords....

Speed-up your dorking

Installing the binary:
git clone https://github.com/tomnomnom/hacks
cd webpaste
go build
Installing the extension:
Chrome > 3 dots > More tools > Extensions
Enable Developer Mode
Click Load unpacked and select the extension folder, which is inside the webpaste...

Million from bug bounty in 4 Years

Ozgur Alp recently passed $1 million earned from bounties. That's a huge achievement. Fortunately for us, he decided to write a blog post with a few tips on how to follow in his footsteps. I do encourage you to read the whole article, but here are my most important...

Prototype pollution writeups

A few weeks ago in the newsletter, I told you a bit about the prototype pollution vulnerability class. In the last 2 weeks, I found 2 cool write-ups about it. One is Ngo Wei Lin's solution to the challenge by Michał Bentkowski....

Discovery and exploitation of RCE via deserialization

Shubham Shah, one of the hunters I follow most closely, released a writeup about finding a deserialization RCE in Sitecore Experience Platform CMS. He describes the whole process, from approaching the codebase of .NET applications, up to the command used to prepare...