Archive
[HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling
We're back with some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. We also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.
[HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer
We've got a HUGE double whammy HackerNotes. How to attack Chrome Extensions, understanding the extension threat model and diving deep into extension components. Then we finish off with a bunch of cool cookie parsing behaviours along with some clientside gadgets from the HeroV6 CTF writeup by Kevin Mizu.
[HackerNotes Ep.93] A Chat with Dr. Bouman - Life as a Hacker and a Doctor
In this week's HackerNotes, we cover Dr. Jonathan Bouman and his unique journey as both a Hacker and a Healthcare Professional. We've got some tips for long-term hunting and some prior experiences he’s had with Amazon's bug bounty program alongside some cool bugs.
[HackerNotes Ep.91] Zero to LHE in 9 Months (feat gr3pme)
Justin Gardner and gr3pme talk about his journey with Bug Bounty. We cover LHEs, tips for picking and unlocking targets, how to approach a target and a bunch of bugs ranging from ATO in a fintech provider, 0 user interaction ATO and abusing development environments in chains. Check it out below.
[HackerNotes Ep.89] The Untapped Bug Bounty Landscape of IoT w/ Matt Brown
Justin and Matt Brown discuss all things IoT, including the specializations and challenges in hardware hacking, Matt’s personal Methodology, what hardware you'll need to get started and a whole lot more. Check it out below!
[HackerNotes Ep.88] News, Tools, and Writeups
We're back and ready to deliver a bunch of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, WordPress POP to RCE, abusing CORs and the dockerization of Orange's Confusion Attacks, plus a lot more. This episode was written by Yujilik.