Category: Mix
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for is instances of WebPageTest…
This writeup walks you through the full process as to how I found a pretty bad Insecure Direct Object Reference…
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…
Slides. Supplemental Serverless Toolkit available here: https://github.com/ropnop/serverless_toolkit
From time to time we see postMessage bug in H1 hacktivity, some write ups mentioning the word postMessage, but do…
INTERVIEW WITH @_BASE_64 : 19 Y/o | TOP 150 WORLDWIDE on H1 | METHODOLOGY, MINDSET & MORE…
I quite enjoy external Pentest, especially when the scope is large. There has been some really interesting stuff I have…
As a hacker and bug bounty hunter, I spend a lot of my time optimizing and improving. So, as a…
Cookie Tossing
This is the story about how I’ve chained a seemingly uninteresting request smuggling vulnerability with an even more uninteresting header-based…
Broken Access Control – Lab #8 UID controlled by parameter, with unpredictable UIDs | Short Version
When You Use One Wrong Javascript Module