XSS via reportError
Do you know the reportError function? It is a global method added in Chrome 95 and Firefox 93 that passes uncaught JS exceptions to the console or to global event handlers. On the PortSwigger side, the reportError function…
My heart goes out to those facing violence, loss, and displacement. I hope there is a return to peace soon. In the meantime, I’ll try…
“Jailbreaking” an LLM and convincing it to tell you things it’s not supposed to is very similar to social engineering humans. This piece draws comparisons…
In security testing, you often need to modify HTTP responses. In those cases, with ZAP I usually used breakpoints, the replace feature, and scripting. (+Proxify's DSL) Recently, some Proxy…
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original…
Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
The Offensive Security Exploitation Expert (OSEE) certification is a legendary apex achievement among OffSec’s offerings, unabashedly featuring a skull logo and grim reaper iconography in…
The rule requires public companies to report material cybersecurity incidents and annually report on elements of their cybersecurity risk management and strategy. Companies that are…
I hope you’ve been doing well! I’m thrilled to announce that Part 2 of Francis Odum’s supply chain security report is out! The post provides…
So you’ve decided that your business or organization should launch a bug bounty program, a great first step in taking the leap into crowdsourced vulnerability…