Jake Miller

Amazing work @albinowax! I’m just blown away with your creativity in finding new desync variants. I’m looking forward to trying it out in the labs.

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

It seems that there is a lot confusion about the log4j JNDI injection vulnerability (CVE 2021-44228). In our latest blog post we provide additional background fundamentals about JNDI and JNDI exploitation (and a lot of links): mogwailabs.de/en/blog/2021/1…

@projectzerodays Sure! I found a few of these over the course of that year on services that accepted XLS uploads. They were all instrumenting MS Excel on a backend server for document processing: labs.bishopfox.com/tech-blog/2018… and labs.bishopfox.com/hubfs/Blog%20P…

@theBumbleSec the spreadsheet injection refs in your bio… could I possible take a look at your research? Links? Info? DM me.

Check out our blog post on Context Aware Content Discovery blog.assetnote.io/2021/04/05/con… - we drop a tool (Kiterunner - github.com/assetnote/kite…) and some datasets. Hope you can find more endpoints through our work!

Found another jndi bypass like 🟠's groovy bypass using org.yaml.snakeyaml.Yaml. Heres a controller for rouge-jdni to add it to your arsenal gist.github.com/TheGrandPew/74….

Great research by @artsploit! Also, be sure to check out the labs and updates to content at portswigger.net/web-security/o…

Awesome to see @seanyeoh finding some epic examples of h2c smuggling! Great work @assetnote team!

Excited to share that I have just started a new position on the AppSec team @BrexHQ! Looking forward to being a part of their awesome team :)

I used Radamsa to fuzz and find an inconsistency between 2 NodeJS URL parsers and bypass host whitelisting in Kibana webhooks. The impact was low here but the parser issue can probably cause some trouble in other Node code bases. Read more details 👇 blog.deesee.xyz/fuzzing/securi…

More great lessons on fuzzing from @Nosoynadiemas! I am always excited when I see a new post in this series. Thank you for sharing!

Istio vulnerability with an 8.2 CVSS. They're calling it a 0day. Also a lesson in JWT validation mistakes. > If a JWT token is presented with an issuer that does not match the issuer field specified in JwtProvider, then the request is mistakenly accepted groups.google.com/g/envoy-securi…

@h3xstream @nst021 Thank you for letting me know! Love the depth of this piece. It also provides coverage for languages that I skipped like Swift, Perl, Obj-C, and Lua. Added a link and shout out in the Takeaways section :)

@albinowax @theBumbleSec @bishopfox Important reference missing in the article: Parsing JSON is a Minefield by @nst021 seriot.ch/parsing_json.p…

JSON Interoperability vulnerabilities sound like they have some serious bug-bounty potential. Nice work once again by @theBumbleSec/@bishopfox labs.bishopfox.com/tech-blog/an-e…

@nlohmann The trials included: 1) attempting to induce duplicate keys through truncation 2) fuzzing Unicode codepoints/raw/transforms 3) using unofficial JSON grammar 4) edge-case numbers 5) adding small quirks/errors: stray quotes or backslashes, odd whitespace. Hope that helps! (2/2)

@nlohmann Hey Niels! Nice to meet you :) During my tests, nlohmann/json had behavior consistent with JSON parsing "norms" and the spec. Notably, it made excellent use of exceptions! I'd be happy to provide more context on the test cases. (1/2)

@pry0cc Haha I was biting my tongue earlier this week, as my new research was just about to be published, but now I can share it. JSON Interoperability Vulnerabilities: labs.bishopfox.com/tech-blog/an-e…

@albinowax @irsdl @bishopfox Can't wait to see it! Feel free to DM me. I have some ideas :)

@irsdl @theBumbleSec @bishopfox Hell yes they can :)

Accompanying labs and cheat sheet: github.com/BishopFox/json…

Just when you thought JSON was the one thing you could trust. My latest research on JSON interoperability vulnerabilities highlights the risks of inconsistent parser behavior (40+ parsers) and attacks to bypass business logic in microservice architectures. labs.bishopfox.com/tech-blog/an-e…