Refine your recon methods or learn totally new ones! Follow top hacker, OrwaGodfather as he introduces you to new and precise tactics that you may have never tried.

Sign-up for your Bugcrowd account to follow along: https://bugcrowd.com/user/sign_up

Follow…

Explore the resilience of the new Hugging Chat Assistance to Sleepy Agent and Image Markdown Rendering vulnerabilities.

📌 [ 繁體中文 | English ] Hey there! This is my research on Apache HTTP Server presented at Black Hat USA 2024. Additionally, this research will also be presented at HITCON and OrangeCon. If you’re int

Web application Vulnerability Writeup

An introduction to CSPT, including some advances WAF bypass and exploitation techniques.

dangerouslySetInnerHTML is dangerous, and using it carelessly will create XSS vulnerabilities in your application. In this article, we discuss why the property is there, how you can use it, and how the Signal messenger misused it.

On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless…

Master programming by recreating your favorite technologies from scratch. - codecrafters-io/build-your-own-x

Web cache poisoning is a type of attack that targets the caching mechanisms used by web browsers, proxy servers, and other intermediaries to temporarily store and serve previously requested web content. The goal of a web cache poisoning attack is to trick…

CSP Bypasses in GitHub, GitLab Pipeline Criticals, Tips for Full-Time Bug Bounty, and a Browser Behavior Gadget with Johan Carls

Hi after going through all the Black Hat and DEFCON web security researches in 2024 , I noticed that the easiest way to break web apps is…