Research Worth Reading Week 29/2024

Published: 22 Jul 2024

This week again, we publish a list of research worth reading!

🔥 Unveiling TE.0 HTTP Request Smuggling

This blog post provides details on the exploitation of TE.0 request smuggling. Definitely worth a read as a lot of people thought this wouldn't work...

🛠️ Lemma

If you missed this new tool from defparam, you are probably living under a rock: defparam/lemma (no longer available). Take 20 minutes to look it up and see how it is a game changer for automation.

👉 Encoding Differentials: Why Charset Matters

If I had time to do bug bounty, this is what I would be looking into right now: "Encoding Differentials: Why Charset Matters".

🥪 Multi-sandwich attack with MongoDB

A great post on attacking MongoDB: Multi-sandwich attack with MongoDB. Great level of detail and a very interesting walkthrough.

🛠️ One Shell to Rule Them All

The team at Tanto released a new tool and put together a sweet write-up to help you start using it.

👉 GitHub Actions Exploitation: Self-Hosted Runners

The Synacktiv team is back with another blog post on GitHub Actions, this time on exploiting self-hosted runners.

👉 AppSec eZine #544

AppSec eZine is back with issue #544.

Written by PentesterLab
