Research Worth Reading Week 50/2024

Published: 16 Dec 2024

Another great week! Enjoy!

💎 The Ruby on Rails _json Juggling Attack

Another fantastic article from Luke on The Ruby on Rails _json Juggling Attack. A must-read for Ruby on Rails enthusiasts!

🍊 Unveiling Hidden Transformers in Windows ANSI [PDF]

Don't miss the BlackHat Europe slides from DevCore, Unveiling Hidden Transformers in Windows ANSI, with some new fun with Windows Unicode.

🌨️ When Replicas Go Rogue - A Deep Dive into Cloudflared Replicas Exploitation Scenarios

A deep dive into Cloudflare Replicas with multiple attack scenarios. Well written and definitely worth a read if you are targeting applications leveraging Cloudflare.

🔍 DOMPurify 3.2.1 Bypass (Non-Default Config)

A great article on DOMPurify and how to leverage namespace confusion using "is".

Written by PentesterLab
The platform to learn web hacking and security code review
