| | Common Nginx misconfigurations that leave your web server open to attack (2020) (detectify.com) |
|
14 points by fanf2 71 days ago | past
|
|
| | Account hijacking using “dirty dancing” in sign-in OAuth-flows (detectify.com) |
|
1 point by caglarsayin on April 28, 2023 | past
|
|
| | Hacker School Reboot – insights from leading API hackers [video] (detectify.com) |
|
1 point by Faskototo on Dec 26, 2022 | past
|
|
| | Nice explanation of exploiting OAuth flows (“dirty-dancing”) (detectify.com) |
|
1 point by directionless on July 13, 2022 | past
|
|
| | Account hijacking using “dirty dancing” in sign-in OAuth-flows (detectify.com) |
|
2 points by mooreds on July 7, 2022 | past
|
|
| | Looking for TLS private keys on Docker Hub (detectify.com) |
|
2 points by Berg0X00 on June 17, 2022 | past
|
|
| | SSL certificates could be leaking company secrets (detectify.com) |
|
4 points by Nallachi on Nov 12, 2021 | past | 1 comment
|
|
| | Types of Web Vulnerabilities That Are Often Missed (detectify.com) |
|
2 points by sajjadium on Oct 5, 2021 | past
|
|
| | Hacking CloudKit: How I accidentally deleted your Apple shortcuts (detectify.com) |
|
19 points by xhruso00 on Sept 13, 2021 | past | 2 comments
|
|
| | How to set up Docker for Varnish HTTP/2 request smuggling (detectify.com) |
|
2 points by sharestuff on Aug 27, 2021 | past
|
|
| | How to Hack APIs in 2021 (detectify.com) |
|
334 points by sharestuff on Aug 10, 2021 | past | 89 comments
|
|
| | What is a Prototype Pollution vulnerability and how does page-fetch help? (detectify.com) |
|
1 point by mooreds on June 10, 2021 | past
|
|
| | CVE-2020-29653: Stealing Froxlor login credentials using dangling markup (detectify.com) |
|
1 point by sharestuff on March 10, 2021 | past
|
|
| | Middleware, middleware everywhere – and lots of misconfigurations to fix (detectify.com) |
|
2 points by zirak on Feb 26, 2021 | past
|
|
| | Common Nginx misconfigurations that leave your web server open to attack (detectify.com) |
|
409 points by sshroot on Feb 25, 2021 | past | 58 comments
|
|
| | How I hijacked the top-level domain of a sovereign state (detectify.com) |
|
295 points by Berg0X00 on Jan 15, 2021 | past | 62 comments
|
|
| | Tackling modern PHP bug classes (detectify.com) |
|
2 points by sharestuff on Sept 17, 2020 | past
|
|
| | Do not dismiss the small vulnerabilities (2018) (detectify.com) |
|
2 points by brlewis on June 16, 2020 | past
|
|
| | Go 1.12 runtime can cause OOM (Out of memory) error (detectify.com) |
|
1 point by nexneo on Sept 16, 2019 | past
|
|
| | Thinking outside of the password manager box (detectify.com) |
|
3 points by zulln on Feb 28, 2019 | past
|
|
| | I exploited TLS-SNI-01 issuing Let's Encrypt SSL-certs for any domain (2018) (detectify.com) |
|
240 points by yread on Jan 28, 2019 | past | 77 comments
|
|
| | XSS using a bug in Safari and why blacklists are stupid (detectify.com) |
|
2 points by SirOibaf on Oct 19, 2018 | past
|
|
| | XSS using quirky implementations of ACME http-01 (detectify.com) |
|
2 points by hannob on Sept 8, 2018 | past
|
|
| | Scratching the surface of host headers in Safari (detectify.com) |
|
1 point by zulln on April 9, 2018 | past
|
|
| | GraphQL abuse: Bypass account level permissions through parameter smuggling (detectify.com) |
|
3 points by filleokus on March 15, 2018 | past
|
|
| | Using Google Analytics for data extraction (detectify.com) |
|
1 point by 5706906c06c on Feb 1, 2018 | past
|
|
| | How I exploited TLS-SNI-01 to issue Let's Encrypt certs using shared hosting (detectify.com) |
|
9 points by Titanous on Jan 12, 2018 | past | 2 comments
|
|
| | TrackMania – a Chrome plugin to stalk your friends on Tinder (detectify.com) |
|
2 points by Serpentson on Oct 24, 2017 | past
|
|
| | The story of EV-SSL, AWS and trailing dot domains (detectify.com) |
|
2 points by the_arun on Oct 24, 2017 | past | 1 comment
|
|
| | AWS S3 access controls full control over your assets (detectify.com) |
|
1 point by jorkvist on July 17, 2017 | past
|
|
|
|
More |
