Все публикации

Decoding Spotify Barcodes0:25:19

Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

XSS via CSPT0:30:31

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

Intigriti Kick off0:02:57

Intigriti Kick off 2024

Exploiting Insecure Output0:12:58

Exploiting Insecure Output Handling in LLMs

Indirect Prompt Injection0:11:32

Indirect Prompt Injection

Exploiting Vulnerabilities in0:05:41

Exploiting Vulnerabilities in LLM APIs

Exploiting LLM APIs0:09:28

Exploiting LLM APIs with Excessive Agency

Performing CSRF Exploits0:10:36

Performing CSRF Exploits Over GraphQL

Misconfig Mapper -0:04:53

Misconfig Mapper - Hacker Tools

Bypassing GraphQL Brute0:07:12

Bypassing GraphQL Brute Force Protections

Finding a Hidden0:07:51

Finding a Hidden GraphQL Endpoint

Accessing Private GraphQL0:06:47

Accessing Private GraphQL Posts

Prototype Poisoning and0:11:51

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

Introduction to GraphQL0:18:50

Introduction to GraphQL Attacks

Aggressive Scanning in0:18:18

Aggressive Scanning in Bug Bounty (and how to avoid it)

Exploiting Server-side Parameter0:10:37

Exploiting Server-side Parameter Pollution in a REST URL

Common Scoping Mistakes0:24:30

Common Scoping Mistakes

Exploiting Server-side Parameter0:11:26

Exploiting Server-side Parameter Pollution in a Query String

Understanding Scope, Ethics0:14:11

Understanding Scope, Ethics and Code of Conduct (CoC)

Exploiting a Mass0:07:20

Exploiting a Mass Assignment Vulnerability

Unicode Normalization and0:21:15

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

Finding and Exploiting0:07:10

Finding and Exploiting an Unused API Endpoint

Exploiting an API0:07:34

Exploiting an API Endpoint using Documentation

DOM Clobbering, CSPP0:24:22

DOM Clobbering, CSPP (axios) and XSS - Unintended Solutions to January '24 Challenge