Latest lab write-up. Came out a bit long but very informative.
https://medium.com/@marduk.i.am/blind-sql-injection-with-conditional-responses-46ee90b5f2c0
Quickest way to reliably find business logic flaws is to change your mindset:
You're not looking for bugs, you're hunting for assumptions.
Somewhere out there, a dev assumed no one would ever do *that*. So be the first person to do it.
The Seven Stages of Bug Bounty grief
1.) Bug Bounty customer writes up rules and launches a program
2.) Bug bounty platform invites hackers
3.) Hacker provides a handful of findings
4.) Customer: “No not like that!”
5.) Hacker adds a few dozen findings that highlight a similar problem
6.) Customer: “Now listen here you little shi-”
7.) Hacker moves on to other programs - and possibly other platforms
I am here
This is where Bug Bounty Platform reputation amongst the hacker community (which is - effectively - the "product") really matters. When customers sign up to engage with security researchers through a platform so they can "check the box" that their application has been tested, and then abuse the trust that the hacker community has placed in the platform, everyone loses.
I know that Casey Ellis and co. at Bugcrowd as well as Jobert Abma and co. at HackerOne work hard to make sure that their customers are ready for what the hacker community will inevitably throw at them - but there are definitely times where a customer clearly signals that they never wanted the findings. They wanted to check the box.
And at the end of the day, if the hacker community gets mistreated by a customer, word will absolutely get around - and those hackers will vote with their feet.
I interview a hacker who hacked NASA in 60 seconds and he shows us how (a Real World Tutorial).
YouTube video: https://youtu.be/ZpdgqsviAiA
In bug bounty, nothing is as valuable as a good Proof of Concept to easily prove impact.
Recently, I wanted to showcase a simple Login CSRF (missing OAuth 2.0 "state" or PKCE) while using Google SSO.
This is the minimal NodeJS PoC I came up with: https://gist.github.com/lauritzh/90d68c0b68652882648e0ca9b8b6683e
Netflix — Bypassing Multi-Factor Authentication (MFA) - by @lyubo_tsirkov
Password Reset Poisoning with Host Header Injection
https://infosecwriteups.com/password-reset-poisoning-with-host-header-injection-345b902a9ca5
Bug bounty hunters'/pentesters' life
How I fuzz and hack APIs
Understanding the API
Where to fuzz and how to fuzz?
SSRF bypass list:
-------
Base-Url: 127.0.0.1
Client-IP: 127.0.0.1
Http-Url: 127.0.0.1
Proxy-Host: 127.0.0.1
Proxy-Url: 127.0.0.1
Real-Ip: 127.0.0.1
Redirect: 127.0.0.1
Referer: 127.0.0.1
Referrer: 127.0.0.1
Refferer: 127.0.0.1
Request-Uri: 127.0.0.1
Uri: 127.0.0.1
Url: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port: 443
X-Forwarded-Port: 4443
X-Forwarded-Port: 80
X-Forwarded-Port: 8080
X-Forwarded-Port: 8443
X-Forwarded-Scheme: http
X-Forwarded-Scheme: https
X-Forwarded-Server: 127.0.0.1
X-Forwarded: 127.0.0.1
X-Forwarder-For: 127.0.0.1
X-Host: 127.0.0.1
X-Http-Destinationurl: 127.0.0.1
X-Http-Host-Override: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Proxy-Url: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Rewrite-Url: 127.0.0.1
X-True-IP: 127.0.0.1
-----
https://twitter.com/0dayCTF/status/1556279777455386627?t=Z51UbhiolM5RuAww32v3Ww&s=19
Credit: @0dayCTF
OSCP Preparation Guide by
@0xSh1v4
How he cleared OSCP in his first attempt
0xsh1v4.github.io/posts/oscp/
Bypassing OGNL sandboxes for fun and charities
OGNL injections led to some serious remote code execution (RCE) vulnerabilities
https://github.blog/2023-01-27-bypassing-ognl-sandboxes-for-fun-and-charities/
FirebaseExploiter
a vulnerability discovery tool that discovers Firebase databases which are open and exploitable
Primarily built for mass hunting bug bounties and for penetration testing.
OTP Bypassing and Vulnerabilities from Email fields