[tl;dr sec] #196 – How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain
I hope you’ve been doing well! What We’re Known For It’s long had a place in my heart, as I loved the TV show as…
I think AI is about to massively improve the quality of our best content. But not for the reason you might expect. Not because AI…
The debate was quite fun to watch, but also frustrating. What irked me about the debate—and all similar debates—is that they fail to isolate the…
So we’re seeing homograph attacks again. Examples show how ‘apple.com’ and ‘epic.com’ can be mimicked by the use of Internationalized Domain Names (IDN) consisting entirely…
While researching a web application last February, I learned about Slanger, an open source server implementation of Pusher. In this post I describe the discovery…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
Download my transcription of Bill Evans’ piano solo in I’ve Got You Under My Skin below. The solo starts around the 1:04 mark on the…
In this write-up, I want to share a cool way in which I was able to bypass firewall limitations that were stopping me from successfully…
Last May, I discovered that a critical vulnerability I had reported earlier this year had resulted in my first CVE. Since the combination of vulnerabilities…
An example use case of bbrf, here integrating with subfinder from projectdiscovery.io Like anyone involved in bug bounty hunting, I have encountered a number of…
If you’re a Burp Suite user, you’ll be familiar with Burp Collaborator: a service that allows you to monitor out-of-band interactions to a remote server,…
Axel Springer has long been a pioneer in the digital publishing industry, with a vast portfolio of brands, such as Stepstone, Aviv, Idealo, BILD, Politico…