The absence of charset information seems to be a minor issue for a web application. This blog post explains why this is a false assumption and highlights the critical security implications.

A case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). This incident is a prime example of how threat actors chain zer…

After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided to call it quits and do some chores. I needed to buy gifts for a friends birthday and went online to order a Starbucks gift card.

Share your videos with friends, family, and the world

A misconfiguration in an organizations' setup of their live chat system allowed unauthenticated access to user chat histories with customer support agents.

(Ethically). Here's how I did it.

Retr0's Threat Research

the more complex it is, the more niche it is, the clearer the path will be

man is lazy by nature and tends to take the easy way out; the more the market is clogged, the more one must delve into the depths of knowledge to make a difference

-in this context…

The talk "Practical Exploitation of DoS in Bug Bounty" explains methods for identifying and exploiting Denial of Service (DoS) vulnerabilities in bug bounty programs. Starting with an overview of DoS attacks and their impact, we will highlight how these attacks…

Some time ago, while reading up on new CSS features, I asked myself: Is it possible to leak the entire content of an HTML text node only using CSS?

Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL . This was fascinating to me especially because the payload is not actually visible in the URL in

Discover the $3.5k bounty story about how CSP bypass unlocked a XSS vulnerability leading to account takeover

CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). - doyensec/CSPTPlayground

Discover the hidden risks of using trivial packages in development. Learn how small, seemingly insignificant dependencies can lead to significant security vulnerabilities.