For those who want to know more about me and my work at Cobalt.io check the interview I gave to their blog. https://cobalt.io/blog/interview-with-david-sopas-dsopas/ #kudos to […]
Google Chrome XSS bypass by BruteLogic
#ChromeBypass <svg><script>0<1>alert('XSS')</script> pic.twitter.com/msMpVmplUo — Brute Logic (@brutelogic) August 10, 2015
Drive it like you hack it – Samy Kamkar at Defcon 23
Drive it like you hacked slides at Defcon 23 by Samy Kamkar. Very cool car hacking talk. http://samy.pl/defcon2015/
How do I Shot Web – Jason Haddix at DEFCON 23
How to Shot Web – Jason Haddix at DEFCON 23 – See it Live: Details in Description from bugcrowd
ArubaNetworks Avatar Image XSPA
I found out that was possible to run a XSPA [Cross Site Port Attacks] using Avatar URL option on any registered community profile. XSPA allows attackers […]
DomFlow – Untangling the DOM for easy juicy bugs
Interesting reading about DOM vulnerabilities by Ahamed Nafeez. https://speakerdeck.com/skepticfx/domflow-untangling-the-dom-for-easy-juicy-bugs @BlackHat USA 2015
Details on the Cross-Site Request Forgery Vulnerability Disclosed at Black Hat
Also, there are no known safe versions of the Flowplayer SWF. If you're hosting it, I can XSRF you. Kill it now. https://t.co/h0TnyAKTsC — Kevin […]
First to reach 1000 rep score on Cobalt.io
Yes! I made it. Since my registration on March this year I reached more than 1000 reputation points on Cobalt.io and become the first to do it. […]
Sharing is caring!
I always try to help the local dogs and cats shelter with food and medications. Some extra cash from bug bounties helped me to give […]
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I
Very good article that I recommend you guys to read. This is part 1. http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/ Enjoy!