Cache Me If You Can: Messing with Web Caching
In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning. Note: this was an awesomely dense, technical…
Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass and Privilege Escalation” (aka CVE-2023-28121)…
Emma Stocks | 03 July 2023 at 14:54 UTC Want to create customized scans without the hassle of learning advanced programming? Burp Suite’s got you…
Summary: URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a…
One of the targets we looked at late last year was Citrix Gateway. Citrix Gateway is another of these “all-in-one” network devices, combining a load…
Ollie Whitehouse | 29 June 2023 at 12:46 UTC Scripted scan checks in Burp Suite Professional are now a thing … tl;dr Burp Suite Professional…
Customizable integrations for today’s security team Resolving vulnerabilities quickly depends on several factors, not least how effectively security and product development teams collaborate. Modern security…
Introduction: In today’s digital landscape, ensuring the security and performance of web applications is paramount. To achieve optimal protection against cyber threats, organizations deploy web…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
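[*] Recently I had a case where I needed to test in a pivoting environment with MSF. The method itself isn't difficult, so I just went ahead from muscle memory, but come to think of it, I don't think I've ever written it up on the blog…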
In recent years there’s been a rise in “API Abuse” attacks, which includes detrimental automated behaviors such as malicious bots, account takeover (ATO), credential stuffing,…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…