Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR)
This writeup walks you through the full process as to how I found a pretty bad Insecure Direct Object Reference (IDOR) in New Relic. In…
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided to call it quits and…
Slides. Supplemental Serverless Toolkit available here: https://github.com/ropnop/serverless_toolkit
From time to time we see postMessage bugs in H1 Hacktivity, and some write-ups mention the word postMessage, but do you really know what is…
INTERVIEW WITH @_BASE_64 : 19 Y/o | TOP 150 WORLDWIDE on H1 | METHODOLOGY, MINDSET & MORE…
I quite enjoy external pentests, especially when the scope is large. There has been some really interesting stuff I have found in the past but…
As a hacker and bug bounty hunter, I spend a lot of my time optimizing and improving. So, as a father of three, I work…
Cookie Tossing
This is the story about how I’ve chained a seemingly uninteresting request smuggling vulnerability with an even more uninteresting header-based XSS to redirect network-internal web…
Broken Access Control – Lab #8 UID controlled by parameter, with unpredictable UIDs | Short Version
When You Use One Wrong JavaScript Module
I originally wanted to name this article “The RCE that everyone missed”, but since it was too “clickbait”, this is the title you see now.…