Meet PwnFox For Chromium
The backstory So… I’ve been in the field of Web PT for over 4 years so far, and I’ve always been frustrated with testing in Chrome compared to Firefox. You can bootstrap a fresh Firefox to work wi...
I’ve seen this topic come up a number of times since BurpSuite 2023 was released, but it seems that Google’s top search results still show outdated information. Since the release of new Bu...
Intro If you do source code reviews on a regular basis, you are bound to eventually stumble upon the use of pseudo-random number generators (PRNGs) to generate secrets like reset tokens or tempora...
Intro At the very start of the ML hype, I decided to look at some open-source bug bounty programs on the huntr.com platform. I ended up choosing the MLFlow program, as it had some interesting bugs...
Intro I last visited Hackthebox quite a while ago, and I was delighted to see that the team has added cool challenges for our blue teamers, too! They are called HTB Sherlocks. In each Sherlock, y...
Intro Long story short, while preparing for my OSWE exam back in early 2022, I stumbled over a list of OSWE-like HTB boxes, and decided to give it a try. Celestial was one of them. While it was a ...
Does anybody even need this? :D Expanding on the topic So, in my first article, we explored the possibility of abusing excessive server-side file read and write permissions to perform an RCE ...
SELECTing your way to RCE. A way to pwn Postgres without stacked SQLi queries An unusual problem A while ago I stumbled upon a very specific instance of a Postgres SELECT SQLi. The DB data was of...
New Burp feature On October 20th, 2023 Portswigger released a neat feature – Java Bambdas. Basically, they are just Java code snippets dynamically compiled and run by BurpSuite. At the time of wri...