Archive

[HackerNotes Ep. 69]: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

[HackerNotes Ep. 69]: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

CSP Bypasses in GitHub, GitLab Pipeline Criticals, Tips for Full-Time Bug Bounty, and a Browser Behavior Gadget with Johan Carls

gr3pme
gr3pme
[HackerNotes Ep. 68]: 0-days & HTMX-SS with Mathias

[HackerNotes Ep. 68]: 0-days & HTMX-SS with Mathias

Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, and bypassing HTMX disable. Some cool behaviour in Cloudflares image optimization functionality is also dropped to achieve partial open redirect.

gr3pme
gr3pme
[HackerNotes Ep. 67] VDPs & Accidental Program VS Hacker Debate Part 2

[HackerNotes Ep. 67] VDPs & Accidental Program VS Hacker Debate Part 2

The guys deep-dive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard accuracy, and some methods of bypassing endpoints which have been restricted by WAFs or reverse proxies.

gr3pme
gr3pme
[HackerNotes Ep. 66] CDN-CGI Research, Intent To Ship, and Louis Vuitton

[HackerNotes Ep. 66] CDN-CGI Research, Intent To Ship, and Louis Vuitton

The guys cover the YesWeHack Louis Vuitton LHE, browser market shares and browser behaviours, OAuth redirect_uri bypasses, documented bug bounty journeys and Googles intent to ship features.

gr3pme
gr3pme
[HackerNotes Ep. 65] Motivation and Methodology with Sam Curry (Zlz)

[HackerNotes Ep. 65] Motivation and Methodology with Sam Curry (Zlz)

The guys sit down with Sam Curry to discuss the ethical boundaries of research, his methdology and approach to his research, and a bunch of other cool bugs he's found.

[HackerNotes Ep. 64] .NET Remoting, CDN Attack Surface, and Recon vs Main App

[HackerNotes Ep. 64] .NET Remoting, CDN Attack Surface, and Recon vs Main App

Exploiting .NET Remoting, Dom Purify Bypass, JS Deobfuscation, Delivering Impactful POCs, and Cloudflares CDN-CGI: Insights from Justin and Joel

gr3pme
gr3pme
[HackerNotes Ep. 63] JHaddix Returns

[HackerNotes Ep. 63] JHaddix Returns

Jhaddix returns on the pod covering: The Bug Hunters Methodology, target hunts, recon techniques, going deep on apps and more.

gr3pme
gr3pme
[HackerNotes Ep. 62] Frontend Language Oddities

[HackerNotes Ep. 62] Frontend Language Oddities

Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten: HTML quirks, CSS injection, XSS, and JS analysis.

gr3pme
gr3pme
[HackerNotes Ep. 61] A Hacker on Wall Street - JR0ch17

[HackerNotes Ep. 61] A Hacker on Wall Street - JR0ch17

Justin is joined by Jasmin Landry to share some cool exploit chains, OAuth bugs and unexpected configuration file injection.

gr3pme
gr3pme
[HackerNotes Ep. 60] Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

[HackerNotes Ep. 60] Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

This episode is all about the Portswigger top 10 research of 2023. We’ve done our own spin on this, the HackerNotes top 5.

gr3pme
gr3pme
[HackerNotes Ep. 59] Bug Bounty Gadget Hunting & Hacker's Intuition

[HackerNotes Ep. 59] Bug Bounty Gadget Hunting & Hacker's Intuition

The guys drop some useful gadgets they look for when hunting, along with gadgets that get their hacker intuition firing.

gr3pme
gr3pme
[HackerNotes Ep. 58] Youssef Sammouda - Client-Side & ATO War Stories

[HackerNotes Ep. 58] Youssef Sammouda - Client-Side & ATO War Stories

Youssef and the guys sit down during the LHE to discuss all things ATO and client-side madness.

gr3pme
gr3pme
FirstBack
12345
Next Last