This week again, we publish a list of research worth reading!
🔥 Unveiling TE.0 HTTP Request Smuggling
This blog post provides details on the exploitation of TE.0 request smuggling. Definitely worth a read as a lot of people thought this wouldn't work...
🛠️ Lemma
If you missed this new tool from defparam, you are probably living under a rock: defparam/lemma (no longer available). Take 20 minutes to look it up and see how it is a game changer to automation.
👉 Encoding Differentials: Why Charset Matters
If I had time to do bug bounty, this is what I would be looking into right now: "Encoding Differentials: Why Charset Matters".
🥪 Multi-sandwich attack with MongoDB
A great post on attacking MongoDB: Multi-sandwich attack with MongoDB, great level of details and very interesting walkthrough
🛠️ One Shell to Rule Them All
The team at Tanto released a new tool and put together a sweet write-up to help you start using it:
👉 Github Actions Exploitation: self-Hosted Runners
The Synactkiv team is back with another blog post on Github Actions, this time on self-hosted runners exploitation.
👉 AppSec eZine #544
AppSec eZine is back with issue #544
