Sergey Bobrov (@black2fan)'s Twitter Profile

Sergey Bobrov
@black2fan
ID: 178619771
Link: https://black.fan
Joined: 15-08-2010 06:35:08
585 Tweets
7.7K Followers
398 Following

PT SWARM (@ptswarm):

💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP Arbitrary Object Instantiation with no user-defined classes. It was turned into RCE! Read the research: swarm.ptsecurity.com/exploiting-arb…

Masato Kinugawa (@kinugawamasato):

Here are the technical details of the MS Teams RCE I used in Pwn2Own Vancouver 2022! I have published the slides for #shibuyaxss! They explain the Teams vulnerability that won a prize at Pwn2Own. speakerdeck.com/masatokinugawa… (English) speakerdeck.com/masatokinugawa… (Japanese) youtu.be/TMh_WbF9VnM (demo)

slonser (@slonser_):

A writeup analysis of a simple logical vulnerability in Chrome for which Google VRP (Google Bug Hunters) paid me $16,000. Link: blog.slonser.info/posts/cve-2023… P.S. I have very few subscribers, so I am grateful for every repost #0day #Chrome #GoogleVRP #CVE

slonser (@slonser_):

In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of extensions and key attacks. P.S. I tried to make everything as clear as possible and hope it won’t feel too overwhelming anywhere. extensions.neplox.security

Sergey Bobrov (@black2fan):

I have published a tool based on jadx that helps analyze Java applications. github.com/BlackFan/BFScan BFScan generates HTTP requests and OpenAPI specs based on config files and class/method annotations. It also searches strings that look like URIs, paths, or secrets.

Sergey Bobrov (@black2fan):

Wrote a Burp Suite Pro extension that uses AI-powered features to replace values in HTTP requests. Useful for guessing data formats based on parameter or header names. For example, for requests from Swagger / OpenAPI or those generated by my tool BFScan. github.com/BlackFan/Burp-…

Sergey Bobrov (@black2fan):

Implemented support for annotation parsing in class constructor arguments in BFScan. github.com/BlackFan/BFSca… If a lot of HTTP requests with obfuscated parameter names were previously generated for your APK, the result should now improve significantly.

dbugs (@ptdbugs):

📄 Cache Poisoning via S3 API: when JavaScript caching becomes an attack vector A common setup: a site stores static assets in S3, proxies requests to it, and caches "200 OK" responses. At first glance, everything looks correct — but one cache configuration detail turns this