XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
In this write-up, I want to share a cool way in which I was able to bypass firewall limitations that were stopping me from successfully…
Last May, I discovered that a critical vulnerability I had reported earlier this year had resulted in my first CVE. Since the combination of vulnerabilities…
An example use case of bbrf, here integrating with subfinder from projectdiscovery.io. Like anyone involved in bug bounty hunting, I have encountered a number of…
If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band interactions to a remote server,…
Axel Springer has long been a pioneer in the digital publishing industry, with a vast portfolio of brands, such as Stepstone, Aviv, Idealo, BILD, Politico…
The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll…
My whole career has been in Information Security, and I began thinking a lot about AI in 2015. Since then I’ve done multiple deep dives…
Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
We recently hosted a compact and very engaging panel discussion about the new SEC Cyber Incident Reporting Rules due to come into effect later this…
Explaining the benefits of hyping up your friends’ ideas. Amplify (ˈam·pləˌfī) verb: To make larger, greater, or stronger; enlarge; extend. Idea Amplification (īˈdēə ˌam·plə·fəˈkā·shən) noun:…
Over the course of a few weeks, we had conversations with 50+ CISOs and security leaders from a wide range of industries, organization sizes, and…
I hope you’ve been doing well! Hacker Summer Camp This year was my first time in Vegas since the pandemic, and I even managed to…