Harrison Richardson (rs0n) began his Cybersecurity career in the US Army as a 25B. After leaving the service, Harrison worked various contract and freelance jobs while completing his Master's in Cybersecurity from the University of Dallas. Harrison's first full-time job in the civilian sector was at Rapid7, where he worked as a Senior Security Solutions Engineer as part of their Applied Engineering Team. Today, Harrison works as a Senior Product Security Engineer specializing in application, cloud, and AI security. In his free time, Harrison provides free educational content and tools to help support people around the world who want to find their version of success through Bug Bounty Hunting.
rs0n_live
Client-Side Injections Part II is by FAR my most requested video! I hear you, I see you, and I'm on it!
Slide deck is done!
Recording in progress...
Outline:
- Recap from Part 1
  - What is a client-side injection?
  - Examples of client-side injections
    - Reflected Cross-Site Scripting (XSS)
    - Stored Cross-Site Scripting (XSS)
    - DOM-Based XSS
    - Client-Side Prototype Pollution (CSPP)
- Executing vs. Weaponizing
  - Compensating Controls
    - Client-Side Validation
    - Web Application Firewall
    - Server-Side Validation
    - Content Security Policy (CSP)
    - Cookie Flags
    - Virtual DOM (React)
    - CSRF Protection
    - Output Encoding
  - Part 1 focused on Executing
  - Weaponizing is how you show impact
  - What is impact?
- Weaponizing XSS
  - Session Hijacking - Steal session token
    - httpOnly?
    - CSP?
  - Session Riding (CSRF + XSS)
    - sameSite strict?
    - What actions can you take?
    - Additional protections?
  - Data Exfiltration
    - What sensitive data is stored in the DOM?
    - How can you send it? (img, ajax call, etc.)
  - Must be delivered to a victim
    - What is a Self XSS?
    - What is the Same Origin Policy (SOP)?
    - How the SOP Affects Exploitation
- Finding Good Targets
  - Bash script to scan across all programs
  - Ars0n Framework v2
- Locating Attack Vectors
  - Reflected
  - Stored
  - DOM
  - Automated Testing
  - Manual Testing
- Let's Hunt!
It's going to be a long one!! I hope it helps!
Cheers!
1 month ago | [YT] | 84
rs0n_live
I want to thank you all so much for being patient with me while I've transitioned to my new job. Layoffs are never fun and they definitely came as a surprise, but thankfully I've landed at an incredible company and I couldn't be happier with my team & role. I'm hoping to get back to making videos once I've fully settled in!
In the meantime, I've written over 800,000 lines of code for the Ars0n Framework V2 and I'm starting to get VERY excited about how it's turning out! Fully dockerized, each tool in its own container so they can run simultaneously, and my full bug bounty hunting methodology is built into the front end. The goal of this tool is for someone with zero bug bounty hunting experience to pick it up and start finding bugs. I should have a preview version ready in the next month or two, with the goal of launching an open Beta at DEFCON!
If you want to know more about what I've been up to and what's coming down the pipe, I recently sat down with Ryan Cox from the Cybersec Café to talk about my journey in cybersecurity, give advice on building a career in AppSec today, and discuss where I'm planning to go from here.
www.cyberseccafe.com/p/cyber-chat-rs0n
Thank you all again for all your kind words and support!! I can't wait to get back to making videos and livestreams! (I just have to make sure my mortgage is paid, otherwise I'll have to lose that fancy background.) Best of luck to everyone on your journey, I promise I will continue doing everything I can to make that journey easier!
Cheers!
7 months ago | [YT] | 132
rs0n_live
All four of my Bug Bounty Hunting Methodology sheets are (mostly) done and available on my DEFCON Workshop repo! The tools and techniques I used to find every valid bug bounty report I've ever submitted are documented in these files. I hope they help, and I can't wait to see everyone at DEFCON this weekend!!
github.com/R-s0n/bug-bounty-village-defcon32-works…
1 year ago | [YT] | 87
rs0n_live
Wouldn't it be great if the Security Teams that run Bug Bounty Programs would hop on a Livestream, explain their attack surface and show you what kinds of vulnerabilities they are looking for?
I thought so, too, so I decided to lead the way! Tomorrow at 11am CST on Twitch, I'll be hosting a livestream to walk through the FloQast Bug Bounty Program's attack surface.
I'm going to be explaining why you see what you see when you get scan results from many popular tools, what vulnerabilities we look for, and how to approach testing our application.
My goal at FloQast is to build the Bug Bounty Program I always *wished* existed when I was hunting full-time. This is the first step in achieving that goal!
1 year ago (edited) | [YT] | 93
rs0n_live
Hey Everyone! Just want to give a quick update on my IDORs and Access Controls Part III video:
As I'm recording this video, I'm realizing that this will end up being another 4-5 hour recording, and as much as I want to get this video out to the community, I also don't want to rush it.
Now that we've got the basic knowledge from the last two videos, I think I have a really great opportunity to take my time and demonstrate a very effective and cohesive methodology. The downside is that it simply takes time to get all that knowledge in the video.
I promise I will get this video out to y'all as soon as I can! However, I also promise not to rush out an inferior video just to keep my numbers up in the algorithm, which hopefully is better for everyone!
1 year ago | [YT] | 249
rs0n_live
Tank wanted me to take a break from our bike ride to let everyone know the Ars0n Security DISCORD CHANNEL is finally live!! --> discord.gg/qCm8USdn4
I'm very excited to begin fostering a community of people who are deeply passionate about making the internet a more secure place!
If you are interested in any of the following, then come hang out:
- Bug Bounty Hunting
- Cybersecurity Research
- Building Automation Tools
- Starting a Career in Cybersecurity
- Technology-related Side Hustles
But most importantly, if you're someone who believes in hard work, making an impact, and lifting others up as much as possible then we would love to have you!
1 year ago | [YT] | 28
rs0n_live
Hey Everyone! My dog Tank wanted me to let everyone know that I'm going to be hosting a Twitch Stream starting in the next few hours!
This time, I'm going to move past Recon and do Live Enumeration and Identifying Attack Vectors in the Starbucks public Bug Bounty Program on HackerOne!
Feel free to come hang out, ask questions, and request any specific demos!!
www.twitch.tv/rs0n_live
1 year ago | [YT] | 25