This year I released a challenge for the Full Stack Web Attack class: Whilst several people had solved the challenge,…
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest….
This writeup walks you through the full process as to how I found a pretty bad Insecure Direct Object Reference…
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…
Slides Supplemental Serverless Toolkit available here: https://github.com/ropnop/serverless_toolkit Source link
From time to time we see postMessage bug in H1 hacktivity, some write ups mentioning the word postMessage, but do…
Unfortunately, my thought process wasn’t that complex when I suddenly had to talk to a federal agent on my phone…
Recently, Microsoft released a series of patches to address around 80 security vulnerabilities, including two zero-day exploits. One of the…
INTERVIEW WITH @_BASE_64 : 19 Y/o | TOP 150 WORLDWIDE on H1 | METHODOLOGY, MINDSET & MORE… Source link
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Samsung, Vivo, Google phones open…
I quite enjoy external Pentest, especially when the scope is large. There has been some really interesting stuff I have…
As a hacker and bug bounty hunter, I spend a lot of my time optimizing and improving. So, as a…