The first ten minutes on a new JavaScript bundle
Opening a stranger's bundled JavaScript for the first time. What I grep for, in what order and why. A practical follow-up to why you should not skip JS files at all.
Read more →
Tag
recon
4 posts tagged with recon.
All15bug bounty12web security6recon4CVE4pentesting4mindset3WordPress2cybersecurity2career2SQLi2red team1SSRF1malware1RCE1
Go wide before you go deep
The best vulnerabilities aren't on the main domain. Here's why wildcard scopes beat limited ones and how going wide leads to the findings that actually matter.
Read more →
Stop skipping JavaScript files
Running automated scans while ignoring JavaScript files means missing the real gold. Here's how reading JS files led to full admin access on a HackerOne target.
Read more →
The RCE hidden behind a forgotten endpoint
A development endpoint that shouldn't exist led to full remote code execution. Here's how thinking about impact turned one finding into a critical chain.
Read more →