Why I Keep a Brag Document — and How It Can Help You
Because the fact is, it’s easy to have your work go unnoticed. Sure, as Engineers, we see our faces move around on the sprint board,…
Each year, HackerOne employees nominate peers to receive the covetable Values Awards. Since its inception in 2022, the Values Awards have recognized three Win as a…
OpenAI just made a big move in the AI space with the release of GPT-4o (“o” stands for “omni”). This new model is crazy because…
Before I go into this, I want to articulate exactly how much of an Apple fanboy I am. I camped for the first iPhone I…
I don’t have any insider knowledge—unless you count the Information article that just leaked about a possible Her-like assistant—but I think I have a good…
In this article, we’ll talk about a critical bug report where a hacker found a Remote Code Execution (RCE) on Nextcloud’s WordPress website in the source…
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into…
I was recently hacking on a Bug Bounty target and identified an interesting API endpoint which would render user-supplied HTML, and execute any included…
ZAP 2.15 has been released. Because 2.14 was pushed out quickly due to the issue of leaving OWASP, the gap until 2.15 was also short. Today, let's take a quick look at version 2.15. Scripts as First Class…
Today, most organizations have some level of information security, but often it consists of point solutions deployed independently and operating in silos. ISO 27001 promotes…
As I’ve been discussing AI agent authentication with some brilliant people in San Fran this week, it’s become clear to me that there will likely…
HackerOne bug report to GitLab: GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKER_AUTH_CONFIG build variable. Injected…