GitHub Security Lab has discovered multiple bugs in the DataHub application. The cool thing is that it's open-source, so the blog post includes the vulnerable code. You often ask me about ways to practice code review, and looking at vulnerable snippets is...
Writeups
Turning arbitrary file write into an RCE
Arbitrary file write is a very dangerous vulnerability, but its impact is more difficult to demonstrate than that of a file read bug. In a recent blog post, Maxence Schmitt and Lorenzo Stella from Doyensec describe a technique they used to turn arbitrary file write...
Web hacking takeaways from DiceCTF
As some of you may be aware, I began playing CTFs last year. Although I'm still struggling to find enough time to solve them, I try to read write-ups to improve my skills, as these tasks are a great learning resource. Last week, we played DiceCTF and the web tasks...
4-part series about hacking GitHub Actions workflows
If I were to predict which attacks will grow in popularity in 2023, I would bet on attacks against different kinds of software development pipelines. They are getting more automated and do more on their own, which opens up more possibilities for nice attacks....
Hacking popular car manufacturers
I don’t know about you, but I’ve always been curious about car hacking. It’s just more tangible than hacking a website. Sam Curry published a thread about hacking cars. Not by taking them apart but by attacking their web-facing APIs....
Finding WAF bypass step-by-step
I really like this blog post by @pmnh_. He shows the whole process of constructing this crazy-looking payload from scratch. While you can never learn experience directly, the closest you can get is by understanding someone’s thought process, and I think it was really well...
JustCatTheFish CTF writeups
I’m getting messages asking about some CTF writeups, as I’m playing them quite regularly. I will make some video writeups, but only once in a while. Other writeups that I and other JCTF players produce (sometimes we have to, due to a good finishing position) will be published on...
3 cool bugs from 0xLupin’s H@cktivitycon talk
Roni Carta presented a few vulnerabilities at Hacktivitycon during the H1-702 Live Hacking Event in Las Vegas. I think it not only has great bugs in it but is also a fantastic example of how to make a technical presentation that’s also engaging and funny. Here are...
Bitbucket pre-auth RCE
There’s a pre-auth RCE for Bitbucket which, as my Twitter feed claimed, is actively exploited in the wild. It was discovered by Assetnote, which means the blog post not only contains what the bug was but also how they found it and why it works....
Second Order Subdomain Takeovers and unusual DoS
In another episode of Bug Bounty Redacted, shubs showed us two unusual bugs: a second order subdomain takeover and an account-level DoS somewhat similar to a pre-account takeover. https://www.youtube.com/watch?v=tZxHEp_baMo