Building a ZAP Custom En/Decoder
ZAP's extensibility comes from the power of its Scripting Engine. During testing you very often need to encode and decode formats such as URL, HTML, and Base64. The Encode/Decode/Hash feature used for this can also be extended through scripting…
Our conversation with Ian Carroll (Staff Security Engineer at Robinhood) spans the history of bug bounty at Robinhood, Ian’s approach to bug bounty program management,…
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for…
Introducing Attack Surface Custom Policies If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple…
I’ll accept something as AGI when it can write a solid set of original jokes good enough to make real people laugh Created/Updated: March 20,…
How to write tests for your Django applications that are painless and productive. Done correctly, tests are one of your application’s most valuable assets. The…
Race Condition + New Labs
Trellix disclosed a bug submitted by ashishmurugan: https://hackerone.com/reports/1577793
This is the third part of a series showing how to remotely execute commands (and “own”) Windows machines once you have compromised a set of…
Matt Atkinson | 16 June 2022 at 13:50 UTC If you’ve ever installed any Burp extensions from the BApp Store, you’ll know that it’s a…
🔍 Introduction The Client-Side Desync (CSD) attack is a type of HTTP Request Smuggling (HRS, Desync Attack); where conventional HRS arbitrarily sends HTTP requests in a form that a browser cannot send, so that the server or…
The Belgian government has recently announced a new Belgian law that will allow ethical hackers to hack any Belgian company without any prior permission. Historically,…