WAF bypasses, CVE research & constant-time crypto.
⏰ Introducing constant-time support for LLVM to protect cryptographic code
Trail of Bits explains their work on adding constant-time support to LLVM so that compiled cryptographic code remains constant-time: Introducing constant-time support for LLVM to protect cryptographic code.
⛔️ Bypassing WAFs for Fun and JS Injection with Parameter Pollution
A great summary of the current state of HTTP parameter pollution as a way to bypass WAFs: Bypassing WAFs for Fun and JS Injection with Parameter Pollution.
🧐 How to Research & Reverse Web Vulnerabilities 101
One of my favourite hobbies (CVE analysis) is covered in this blog post from the ProjectDiscovery team: How to Research & Reverse Web Vulnerabilities 101.
Want to build these skills hands-on?
PentesterLab has 700+ real-world labs on web hacking, code review, and vulnerability analysis. Start with a free account.
