😎🍁😮‍💨

a man in a tuxedo and bow tie is dancing in a crowd of people . ALT: a man in a tuxedo and bow tie is dancing in a crowd of people .

new week, new opportunities!

First try, pretty neat haha

I talk about this on the pod all the time, but CSRF is dead simple. You just need to know the conditions.

I'm not gonna recite them again here, but today a new condition came up:

No Content-Type header -> no CSRF restrictions
Same-site: None
POST
= CSRF

The research:

The Find Command YouTube video by TomNomNom

The 'find' command has a reputation of being a little tricky to use, so a while back I did made a short video about it www.youtube.com/watch?v=U2fs...

Ekko!

hi bsky! woke up to a lot of new followers, how’s everyone doing this Sunday?

weekend just started, what are you up to? Family, friends or some cool projects?

I’ll be working on some personal projects, but first: food and Rick and Morty

Have a good one!

Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...

a man wearing sunglasses and a hat is pointing at the camera . ALT: a man wearing sunglasses and a hat is pointing at the camera .

is this thing on?

sup