When you send a payload you want it to work. It might seem like the most obvious sentence I've written since the beginning of the newsletter, but it's not. Actually, what I want to show you is thinking the other way around - what to do with the payload so it...
Articles by Issue
Bypassing SameSite cookies
Gafnit Amiga shared a very nice writeup about the AWS SageMaker Jupyter Notebook instance takeover. The writeup contains a few cool tricks like exploiting self-XSS but what I'd like to focus on here is exploiting CSRF with modern browsers that default...
How to debug source code to find bugs?
Having the source code for analysing the app can be a massive help when looking for bugs. With the code, we can be sure how the functionality works and if we are able to bypass it or not. However, only having the code is not much help if you can't use it...
Learning path for mastering containers
Containers are yet another topic that is getting more and more popular among developers. It means that we, as security people, should also understand what’s going on. Containers solve a lot of problems so, in my opinion, they won’t lose popularity anytime soon. If you want...
Kubernetes security resources
Kubernetes is definitely a hot topic in IT. If you are a bit bored with what you have been doing for years or you are looking for new opportunities, Kubernetes can give you a strong position on the job market. If you are looking for resources to dig deep into its...
Cryptography bugs explained without complex maths
For a long time, I knew absolutely nothing about cryptography. At the beginning of my pentesting job, if I saw encrypted data, the only bug that I could think of was leaking the key. If I couldn’t, then I’d just assume it’s secure. One of the reasons was whenever I...
Grafana path traversal
Lately, a path traversal bug was discovered in Grafana. There’s a really good blogpost about discovering the bug: https://j0vsec.com/post/cve-2021-43798/. You can also watch Nahamsec’s video about identifying and exploiting this bug:...
Dealing with difficulties in bug bounties
At Ekoparty Security Conference zseano had a talk “Staying sane in bug bounties” in which he gave some tips on doing bug bounties and dealing with difficulties that you will sooner or later encounter. Here are my notes from the talk. Issues you may face Some of the...
10 security pitfalls of Python
This article will be useful for hacking apps in any language! There’s a list on the Sonarsource blog with quirks and unexpected behaviours of Python that can mislead developers and result in security vulnerabilities. The article is so good! Even if you know nothing...
Finding DOM-XSS with DOM Invader
DOM Invader is 2021’s addition to Burp Suite. If you are a long-time reader of the newsletter, you know how highly I rated filedescriptor’s Untrusted-Types for finding DOM-XSS. Well, DOM Invader is even better. I’ll walk you through the usage of it. Enabling DOM...