Archive

[HackerNotes Ep.81] Crushing Client-Side on Any Scope with MatanBer

[HackerNotes Ep.81] Crushing Client-Side on Any Scope with MatanBer

MatanBer and Justin dropped a tonne of tips and tricks on client-side hacking and using DevTools effectively, as well as some recent POCs to escalate self XSS.

gr3pme
gr3pme
[HackerNotes Ep.80] Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

[HackerNotes Ep.80] Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

We're back with a monster episode featuring Sina Kheirkhah aka SinSinology, covering Pwn2Own strategies, .NET source code analysis, RCE research, IoT debugging, and tips for excelling in security research.

gr3pme
gr3pme
[HackerNotes Ep.79] The State of CSS Injection - Leaking Text Nodes & HTML Attributes

[HackerNotes Ep.79] The State of CSS Injection - Leaking Text Nodes & HTML Attributes

We're back with some weekly security including RCE via browser extensions, CSPT and a metric ton of CSS injection tips, tricks and techniques for you.

gr3pme
gr3pme
Full Time Bug Bounty Blueprint

Full Time Bug Bounty Blueprint

How to go Full-Time Bug Bounty: The Blueprint

gr3pme
gr3pme
[HackerNotes Ep. 78] Less Writing, More Hacking - Reporting Efficiency Techniques

[HackerNotes Ep. 78] Less Writing, More Hacking - Reporting Efficiency Techniques

Weekly security research, WAF bypasses and better reporting. Check it out in this HackerNotes post.

gr3pme
gr3pme
[HackerNotes Ep. 77] Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

[HackerNotes Ep. 77] Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

We've got fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into staying motivated and avoiding burnout while hunting.

gr3pme
gr3pme
[HackerNotes Ep. 76] Match & Replace - HTTP Proxies' Most Underrated Feature

[HackerNotes Ep. 76] Match & Replace - HTTP Proxies' Most Underrated Feature

HackerNotes is back with some tasty exploit writeups, HackerOne AWC news and some match & replace tips for your next bug hunt.

gr3pme
gr3pme
[HackerNotes Ep. 74] Supply Chain Attack Primer - Popping RCE Without an HTTP Request

[HackerNotes Ep. 74] Supply Chain Attack Primer - Popping RCE Without an HTTP Request

Check out all things supply chain and dependency confusion below.

gr3pme
gr3pme
[HackerNotes Ep. 73] Sandboxed IFrames and WAF Bypasses

[HackerNotes Ep. 73] Sandboxed IFrames and WAF Bypasses

Content from NahamCon, WAF Bypasses, iFrame research and more!

gr3pme
gr3pme
[HackerNotes Ep. 72] Research TLDRs & Smuggling Payloads in Well Known Data Types

[HackerNotes Ep. 72] Research TLDRs & Smuggling Payloads in Well Known Data Types

Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke!

gr3pme
gr3pme
[HackerNotes Ep. 71] More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet

[HackerNotes Ep. 71] More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet

Keith Hoodlet joins the guys to weigh in on the VDP Debate, followed by AI bias bounties and some of the techniques he used to claim first place in the recent DoD AI bug bounty program.

gr3pme
gr3pme
[HackerNotes Ep. 70]: NahamCon and CSP Bypasses Everywhere

[HackerNotes Ep. 70]: NahamCon and CSP Bypasses Everywhere

Metas' bug bounty program, NahamCon, CI/CD security and CSP bypasses.

gr3pme
gr3pme
FirstBack
12345
Next Last