The final list looks like this:
1 - Dependency Confusion
2 - HTTP/2: The Sequel is Always Worse
3 - A New Attack Surface on MS Exchange
4 - Exploiting Client-Side Prototype Pollution in the wild
5 - Hidden OAuth attack vectors
6 - Cache Poisoning at Scale
7 - JSON...
Articles by Issue
Step-by-step process of writing CodeQL queries
CodeQL is one of the things I will learn in 2022. I even started writing some queries on the Elastic codebase for bounty vlog #2, but so far only for educational purposes. If there’s something that worries me about CodeQL, it’s the fact that the resulting queries are...
Comparing site maps in Burp
I don’t know since when Burp has had the feature of comparing site maps, but I only heard about it recently. You can compare site maps between Burp projects. I think for this purpose, it would be good to save Burp’s project in a separate file once in a...
CSRF in GraphQL
GraphQL CSRF? There’s no CSRF with the application/json content type, is there? That’s true, but only partially: you won’t send this request from an HTML form. But, according to Tomasz Swiadek and Andrea Brancaleoni, middleware will commonly help us and the following...
Most interesting bugs from Rails’ 18 years of history
Ruby on Rails is a gift from developers to hackers. I don’t consider that to be true, but it’s what I sometimes think when I see how Ruby enables some attacks by processing things differently from other technologies. Examples include GETs with bodies or using ; as...
Cross-origin does not mean cross-site
For a long time, I was using the terms cross-origin and cross-site interchangeably, thinking they mean the same. But they don’t. It has important implications in the case of CSRF and SameSite cookies (they are not SameOrigin cookies). Origin: Origin is simple. It...
Hacking GitHub actions
I don’t have a crystal ball, but if I were to predict what we will be hacking in the future, I’d say we will be hacking more and more stuff around web applications. That’s a trend that’s already present. Examples of such attacks are cache poisoning or request...
Finding a Ruby deserialization gadget
Finding gadgets for deserialization bugs is not an easy task. But if you want to see how it’s done, check out this article by HTTPVoid about finding a deserialization bug in a recent version of Ruby and turning it into an RCE: Ruby Deserialization - Gadget on Rails
TruffleHog V3
TruffleHog is one of the most common tools you can use to scan repositories for secrets. It recently got even more powerful with the v3 release. It now supports over 600 credential detectors. Moreover, apart from returning the key, TruffleHog will make a...
Web3 learning corner #3 – preparing a BBRE video
Solidity, Blockchain, and Smart Contract Course – Beginner to Expert Python Tutorial
At the moment, I am at 9h 50m of the Solidity course on freeCodeCamp, just before the chapter about NFTs. I rather fast-forwarded through the DeFi & Aave lessons but I will watch...