Archive

[HackerNotes Ep.88] News, Tools, and Writeups

[HackerNotes Ep.88] News, Tools, and Writeups

We're back and ready to deliver a bunch of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, WordPress POP to RCE, abusing CORs and the dockerization of Orange's Confusion Attacks, plus a lot more. This episode was written by Yujilik.

gr3pme
gr3pme
[HackerNotes Ep.86] The X-Correlation between Frans & RCE - Research Drop

[HackerNotes Ep.86] The X-Correlation between Frans & RCE - Research Drop

Frans Rosen and Justin sit down to discuss and drop gold on X-correlation injection, with impacts and POCs ranging from JSON injection to RCE.

gr3pme
gr3pme
[HackerNotes Ep.85] Practical Applications of DEFCON 32 Web Research

[HackerNotes Ep.85] Practical Applications of DEFCON 32 Web Research

The team are back with a whole bunch of tips and tricks off of the back of the research dropped at Defcon.

gr3pme
gr3pme
[HackerNotes Ep.84] 0xLupin & Takeaways from Google's Las Vegas BugSwat

[HackerNotes Ep.84] 0xLupin & Takeaways from Google's Las Vegas BugSwat

In this HackerNotess, Justin and Roni Carta (@0xLupin) discuss their MVH win at the recent Google LHE, and drop some valuable takeaways from the event.

gr3pme
gr3pme
[HackerNotes Ep.81] Crushing Client-Side on Any Scope with MatanBer

[HackerNotes Ep.81] Crushing Client-Side on Any Scope with MatanBer

MatanBer and Justin dropped a tonne of tips and tricks on client-side hacking and using DevTools effectively, as well as some recent POCs to escalate self XSS.

gr3pme
gr3pme
[HackerNotes Ep.80] Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

[HackerNotes Ep.80] Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

We're back with a monster episode featuring Sina Kheirkhah aka SinSinology, covering Pwn2Own strategies, .NET source code analysis, RCE research, IoT debugging, and tips for excelling in security research.

gr3pme
gr3pme
[HackerNotes Ep.79] The State of CSS Injection - Leaking Text Nodes & HTML Attributes

[HackerNotes Ep.79] The State of CSS Injection - Leaking Text Nodes & HTML Attributes

We're back with some weekly security including RCE via browser extensions, CSPT and a metric ton of CSS injection tips, tricks and techniques for you.

gr3pme
gr3pme
Full Time Bug Bounty Blueprint

Full Time Bug Bounty Blueprint

How to go Full-Time Bug Bounty: The Blueprint

gr3pme
gr3pme
[HackerNotes Ep. 78] Less Writing, More Hacking - Reporting Efficiency Techniques

[HackerNotes Ep. 78] Less Writing, More Hacking - Reporting Efficiency Techniques

Weekly security research, WAF bypasses and better reporting. Check it out in this HackerNotes post.

gr3pme
gr3pme
[HackerNotes Ep. 77] Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

[HackerNotes Ep. 77] Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

We've got fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into staying motivated and avoiding burnout while hunting.

gr3pme
gr3pme
[HackerNotes Ep. 76] Match & Replace - HTTP Proxies' Most Underrated Feature

[HackerNotes Ep. 76] Match & Replace - HTTP Proxies' Most Underrated Feature

HackerNotes is back with some tasty exploit writeups, HackerOne AWC news and some match & replace tips for your next bug hunt.

gr3pme
gr3pme
[HackerNotes Ep. 74] Supply Chain Attack Primer - Popping RCE Without an HTTP Request

[HackerNotes Ep. 74] Supply Chain Attack Primer - Popping RCE Without an HTTP Request

Check out all things supply chain and dependency confusion below.

gr3pme
gr3pme
FirstBack
12345678
Next Last