
Federico Dotta
@apps3c

We just published “Nothing new under the Sun – Discovering and exploiting a CDE bug chain”, a new article by our [email protected]. He chains a printer name injection bug in dtprintinfo and a stack bof in libXm to achieve LPE to root on a fully-patched Solaris 10. security.humanativaspa.it/nothing-new-un…


Fourth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! Topic: creating new tabs for processing HTTP requests and responses! security.humanativaspa.it/extending-burp…

A quick overview and some tips on how to handle and exploit Java applets and serialized Java objects in the present day using Burp Suite. security.humanativaspa.it/java-applet-se…

Katie Paxton-Fear: 4. Brida, Burp to Frida bridge. Bridges Burp and Frida, enabling traffic manipulation across multiple platforms. Simplifies mobile testing with direct function usage for data encryption/decryption, offering custom plugins, tabs, menu options and more. portswigger.net/bappstore/2c0d…

Fifth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! Topic: adding new functionalities to the context menu! security.humanativaspa.it/extending-burp…

Sixth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! Topic: adding new checks to Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…



Seventh article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! Topic: using the Collaborator in Burp Suite plugins! security.humanativaspa.it/extending-burp…

Eighth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…

