DNS Tools Comparison
The Story [EDIT 26/04/22] – I added a note on my personal conclusion about Amass with a note from a conversation with Caffix about why…
Gareth Heyes | 13 March 2023 at 15:00 UTC We recently published some research on server-side prototype pollution where we went into detail on techniques…
tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and…
Open Source Hacking Lab | Guide on File Inclusion Vulnerability and Path Traversal Attack in PHP
Does Cybersecurity Require Programming?
UMBC Cyberdawgs CTF: The Hacker One
Bypassing a WAF by Finding the Origin IP
Attacking Language Server JSON RPC
Hacking CI/CD (Basic Pipeline Poisoning)
ToolTime – Cloud Recon 1
Back in October, I found a couple of issues in Etsy, which when combined could be used in a click-jacking attack. Incorrect Error Handling Pretty…
The EU Cyber Resilience Act aims to protect Europe from increasingly sophisticated cyber-threats. The first quarter of 2023 has seen significant cybersecurity legislation coming out…