100 Conversations with Start-up Security Leaders
Why are run-of-the-mill, traditional pentests not delivering effective results? Time and time again, I speak to disappointed security practitioners who run one, or sometimes several,…
Making $$$ with Clickjacking
Summary This is a security advisory for a bug that I discovered in Resolv::getaddresses that enabled me to bypass multiple Server-Side Request Forgery filters. Applications…
Tl;dr We’ve made some major improvements to data shown on the Surface Management page. We’ve also made a few updates to Attack Surface Custom Policies,…
We’re about to see a blast of AI-generated newsletters, and most human creators won’t survive Created/Updated: April 10, 2023 AI-driven newsletters are almost here. As…
Discovering Cloud Assets Externally, with CloudEnum
Hunting IDOR with Z-winK (Part 2)
How to get greater bounties for MEDIUM and LOW risk reports? Account takeover – Stripe
Alternatively titled, “Why the Internet Protocol Suite is an imaginary rainbow layer cake” A significant part of the process of creation is the ability to…
Note that during these interviews I also moderate, thus quality may vary. Profile 🐝 Got into hacking in middle school. Circumventing security on school laptops. Bypass…
Intro to CSRF (Cross-Site Request Forgery) – Security Simplified
Yorkshire Post Building Demolition #5