SSL Pinning -
https://www.youtube.com/watch?v=is8lHjEkk7U
How http works ?
How SSL / TLS works ?
How DNS Works ?
How OAUTH works ?
https://twitter.com/s0md3v/status/1168846854689132544
https://twitter.com/hackerscrolls/status/1269266750467649538
https://blog.avuln.com/article/4
https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/
https://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/
https://research.nccgroup.com/2020/07/07/an-offensive-guide-to-the-authorization-code-grant/
https://www.youtube.com/watch?v=O762qjAjAyo&list=PLnICOE3KiEs9J65ndHOeOYDiyA7FhI1g9&index=6&t=0s
https://maxfieldchen.com/posts/2020-05-17-penetration-testers-guide-oauth-2.html
https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37
https://t.co/FYJdf7Z6nG?amp=1
Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues. What worked was... \udfff -> � -> ? Therefore... {"redirectUri":"https://attacker\udfff@[victim]/"} Equals... Location: https://attacker?@[victim]/ -
https://twitter.com/samwcyo/status/1246997498981494784
https://xpoc.pro/oauth-authentication-bypass-on-airbnb-acquisition-using-weird-1-char-open-redirect/
Got my 1st HTTP Parameter Pollution (HPP) bug rewarded! Targeting an OAuth login: by providing url parameter "scope" twice, the page asked confirmation for the first, but ended up authorizing all others too:
/oauth?redirect=x&response_type=code&client_id=x&scope=name&scope=email
https://www.hackedu.com/blog/analysis-of-common-federated-identity-protocols-openid-connect-vs-oauth-2.0-vs-saml-2.0
https://twitter.com/apisecurityio/status/1283023445081509888?s=20
Certificate Transparency:
https://www.digicert.com/certificate-transparency/how-it-works.htm
http://www.certificate-transparency.org/how-ct-works
https://medium.com/babylon-engineering/android-security-certificate-transparency-601c18157c44
HTTP headers
https://www.federacy.com/blog/security-headers-the-whys-and-hows/
https://zgheb.com/i?v=blog&pl=46#sh_acao
https://blog.initd.sh/others-attacks/web-application/http-security-headers-detailed-explanation/
https://www.youtube.com/watch?v=eDauBJUthRo
https://int64software.com/blog/2018/11/05/hardening-website-security-part-1-http-security-headers/
https://blog.detectify.com/2019/02/05/guide-http-security-headers-for-better-web-browser-security/
https://medium.com/@Johne_Jacob/7-security-response-headers-every-security-tester-should-know-77576ffdfc0f
https://www.scip.ch/en/?labs.20180809
https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authentication-5f47597b2611
https://habr.com/en/post/449182/
How to Hunt Bugs in SAML; a Methodology - Part I
https://www.anitian.com/owning-saml/
The most common OAuth 2.0 Hacks - https://habr.com/en/post/449182/
http://blog.intothesymmetry.com/2015/12/top-10-oauth-2-implementation.html
https://twitter.com/fyoorer/status/1190304570506911744
https://medium.com/swlh/hacking-saml-bce30483d020
https://medium.com/@wdevon99/what-the-hell-is-oauth-6ba19f236612
https://twitter.com/s0md3v/status/1168846854689132544
https://twitter.com/fuxksniper/status/1297092959544856576
Host Header -
CSP -
CSP -
SAML -
nmap -
I built a tool to turn scan data into a sortable table for easier consumption. () Demo:
---Nmap Trick Techniques
How to defend your website with ZIP bombs : -
A pretty old bug in Yahoo!
New blog post about bypassing payments using webhooks:
