
Posts by Maltemo

New blog post: Perfect types with `setHTML()` - frederikbraun.de/perfect-types-with-setht... - TLDR: Use require-trusted-types-for 'script'; trusted-types 'none'; in your CSP and nothing besides setHTML() works, essentially removing all DOM-XSS risks....

1 month ago 11 3 1 0
[Bug report]: Potential dangerous line in file `wso2-enterprise-integrator.txt` · Issue #1267 · danielmiessler/SecLists I discovered while using the wordlist wso2-enterprise-integrator.txt that one of its entries tries to exploit what seems to be an SSRF to an (external or local?) server: carbon/wsdl2code/index.jsp?ge...

Would you read your fuzzing wordlist before using it?

What if there is a destructive query or an attacker payload inside?

github.com/danielmiessl...

4 months ago 0 0 0 0

Now live on tools.honoki.net/smuggler.html

Let me know what you think! ✨

8 months ago 27 11 0 2

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4

8 months ago 23 13 1 0
Finding Freedom, One Bug at a Time: My Journey from Pentester to Full-Time Hunter After seven years in pentesting, I transitioned full-time into bug bounty hunting, leveraging deep experience and continuous learning. This article shares key moments and insights from that journey.

Today was my last day as a pentester at Bsecure. After a three-year journey of hunting on the side, I’m ready to go all-in as a full-time bug bounty hunter. You can read about my journey from pentester to full-time hunter here: gelu.chat/posts/from-p...

9 months ago 23 7 3 0

Documented, sourced, thumbnailed, all that's left is to... sip! 🎁
Cc @maltemo.bsky.social 🤝 @KharaTheOne (X)

www.youtube.com/live/we_T4x6...

11 months ago 1 1 0 0

Interesting: official attribution by the French state of the TV5 Monde attack to APT28, which belongs to the GRU.

bsky.app/profile/gabr...

11 months ago 0 0 0 0
Making the Unexploitable Exploitable with X-Mixed-Replace on Firefox - The Spanner In this post, we’ll look at an interesting difference in how Firefox and Chrome handle the multipart/x-mixed-replace content type. While Chrome treats it as an image, Firefox renders it as HTML - some...

Firefox treats multipart/x-mixed-replace like HTML. Chrome doesn’t.
That tiny difference? It can turn a "non-exploitable" XSS into a real one.
Abuse boundary handling, bypass filters, and make your payload land.

thespanner.co.uk/making-the-u...

11 months ago 19 9 0 0

Blip @maltemo.bsky.social Bloup @KharaTheOne (X) Boum 💣️
www.twitch.tv/thelaluka

11 months ago 2 1 0 0
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private N...

Do you use WebSockets? Read our latest blog post to find out how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking.

blog.includesecurity.com/2025/04/cros...

1 year ago 1 2 1 0
chromium/src - Git at Google

I was reading Chromium source code from a website that doesn’t have a search bar or any indexing, and searched my way through it with Google dorks: chromium.googlesource.com/chromium/src...

I just discovered there is an indexed version featuring function hovering and linking 🤦‍♂️:
source.chromium.org/chromium/chr...

1 year ago 1 0 0 0
Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls (YouTube video by Black Hat)

🔥 My Black Hat talk is now live! 🎥

Watch how email parsing quirks turned into RCE in Joomla and critical access control bypasses across major platforms. See how these subtle flaws led to serious exploits!

www.youtube.com/watch?v=Uky4...

1 year ago 23 6 0 0
SAML roulette: the hacker always wins Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library

You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study.

portswigger.net/research/sam...

1 year ago 53 23 0 4
The State of Secrets Sprawl Report | GitGuardian

Great resource on secret leakage; I invite you to read it.

1 year ago 2 1 0 0

I published my documentation of CAN Arsenal for @kalilinux NetHunter

👇👇👇

v0lk3n.github.io/NetHunter/CA...

It should be released as an experimental version in 2025.1!

I will keep updating it and add functionality to it!

@yesimxev @kimocoder
#NetHunter #KaliLinux #CarHacking #CANBus

1 year ago 1 2 2 0
n0rdy - What Okta Bcrypt incident can teach us about designing better APIs

A few weeks ago, I learned about the Okta Bcrypt incident from the @gergely.pragmaticengineer.com newsletter, and it made me wonder about the API choices by crypto libraries that allowed this incident to go unnoticed for years. My new post explores the topic. Enjoy! =)
n0rdy.foo/posts/202501...

1 year ago 3 3 1 0
CSP: trusted-types - HTTP | MDN The HTTP Content-Security-Policy (CSP) trusted-types Experimental directive instructs user agents to restrict the creation of Trusted Types policies - functions that build non-spoofable, typed value...

I got my answer: it’s the CSP that blocks an attacker from adding another Trusted Type policy. You can’t add a new policy if its name is not stated in the CSP, and you can’t replace an existing one unless 'allow-duplicates' is stated in the CSP.

Source: developer.mozilla.org/en-US/docs/W...

1 year ago 0 0 0 0

Health insurance OK???
COOL! Part 2/3 then!

www.youtube.com/watch?v=CKqr...

1 year ago 2 1 0 0
EP 177 | Techno Watch January Ft. @Drypaints @Maltemo @pentest_swissky (YouTube video by Laluka)

Hi, it's me again. I've been calling for a while now; you need to pay your health insurance, Sir...
Or have some replays? 😏

The latest Techno Watch with @Drypaints @Maltemo and @pentest_swissky!🌿

www.youtube.com/watch?v=ysen...

1/2

1 year ago 3 1 1 1

Yo! 🌿
Tech watch streams are back tonight at 9pm! 🌖
Together with @drypaint.bsky.social @maltemo.bsky.social @swissky.bsky.social 😎

~ See you there ~
www.twitch.tv/thelaluka

1 year ago 2 2 0 1

Question about Trusted Types:
What blocks an attacker from creating their own TrustedTypePolicy from the TrustedTypePolicyFactory with a function that doesn’t sanitize input data? Am I missing something?

1 year ago 0 0 1 0
Stealing HttpOnly cookies with the cookie sandwich technique In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie

Hot out of the oven! The Cookie Sandwich – a technique that lets you bypass the HttpOnly protection! This isn't your average dessert; it’s a recipe for disaster if your app isn’t prepared: portswigger.net/research/ste...

1 year ago 34 13 0 4

@fox0x01.bsky.social just reported an account trying to impersonate you: [@]foxox01.bsky.social

1 year ago 1 0 0 0
Burp suite pro tips and tricks for hacking - Download as a PDF or view online for free

Somebody uploaded to SlideShare the slides of my talk at @northsec.bsky.social 2023 🌐

It’s the sequel of the first @burpsuite.bsky.social talk I ever gave, exactly 10 years before 🛠️

Enjoy these 50 slides of Burp tips 🎁🎅

1 year ago 38 18 0 0

hear me out, pass the certificate auth on nxc 🔥

1 year ago 7 3 0 0

Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃

1 year ago 45 20 3 1
DOM Clobbering Wiki

Just discovered this nice resource about DOM Clobbering attacks:
domclob.xyz

Thank you Soheil for this amazing work

1 year ago 1 1 0 0