Good Twitter thread on JavaScript-based redirection and Cross-site Scripting.
https://twitter.com/ha...
Austin Schertz won the CodeMash CTF this year, and he dropped off his answers to all 19 challenges...
Post-CodeMash edition!
The Government of Gibraltar had a SQL Injection vulnerability in the s...
Pre-CodeMash Edition!
Adam Caudill is a personal friend of mine and has forgotten more about...
It's the holiday edition! No I'm kidding it's the same stuff as usual. Sorry.
App...
Hope everyone has a good holiday.
You probably heard that the Russian offices of nginx were r...
Nice writeup that explains a pivot from an iPhone app all the way through to domain access via chain...
My favorite thing this week: SwiftOnSecurity accidentally dropped a Confluence 0-day on Twitter...
Fortinet is communicating with static keys and a simple XOR. Whoops.
https://sec-consult.com/e...
GitHub is starting SecurityLab. It's part knowledge sharing, part secure coding, part bounty h...
Great breakdown on finding bugs in an OAuth flow
https://blog.teddykatz.com/2019/11/05/github-oauth-...
Microsoft has a really good article on using a semantic query language to find exploitable DOM XSS f...