MonkeHacks #87
Difference, Ireland, URL Leaks
It’s been a pretty stressful week (and a half) for a number of reasons, mostly related to my two cats. Meap recovered perfectly after his emergency vet trip, but then Tora had some nausea from a hairball so I had to feed him one teaspoon of food at a time. I was back in Ireland for two to three days to visit my family before Christmas, so the cats were in the care of some close friends. The two stinkers have both recovered now, and they’re back to normal - which I’m very thankful for.
I’ve been working on a pentest this week - a bunch of payments from previous months all paid out this month, so on paper I’ve had a very successful December. I’ll do a “Year in Review” in the next issue (hopefully around Dec 29th or 30th). And what a year, honestly. I demolished my goals.
I’ve been working on a lot of things on a number of fronts; I’ve started setting up my next AI research topic, and I’ve been working on my startup. I expect to publish some research and provide some more details on my company in January. Stay tuned!

Another Christmas season in Edinburgh. The lights are nice as usual.
Weekly Ideas / Notes
I’ve had to turn down some good freelance opportunities this week due to having too much on my plate. It’s a bit frustrating because security work seems to come in bucketloads all at once, and then there can be nothing at all for a month. It almost feels like throwing money away. It’s not work that I can outsource or subcontract either, because it’s work that’s specific to my skillset.
I might redesign this newsletter soon with the Beehiiv website builder. Up to this point I’ve been using the free version (I’m cheap), but I’m fast approaching 1,000 readers, so it’s about time I upgrade this thing. If you’re reading this and you’re interested in sponsoring this upgrade, do reach out to me on X. This newsletter has some pretty good stats.
Part of my mission with this newsletter is to bring some small changes that can have a radical quality-of-life improvement. This week I’ve been thinking about how naivety can be a superpower. There’s a lot of power in not knowing how you’re supposed to do something. It blows away any flawed conceptions held by the masses, and often you arrive at a more direct solution than the status quo. Take, for example, startups. The “common knowledge” is that you go and take VC money. But the naivety route is asking yourself why you even need VC money. Just because nobody else does it, that doesn’t mean your path is wrong. It’s just different. Have the confidence to try things that are different. This works for bug bounty too. Take the weird path that other people aren’t thinking about. That’s where the bugs are.
NahamCon Winter Edition starts this week! NahamCon is always full of interesting talks and knowledge, so do not miss this. It’s free. I repeat, do not miss this. It is FREE.
Caido now has a plugin for taking neat screenshots of HTTP requests! This looks REALLY useful. Redacting requests for reports is now vastly easier to do.
From my friend m0z on X: “In case you didn't realize, referrerpolicy attributes take precedence over policies defined in meta tags or response headers”. This is a VERY useful client-side trick; he points out that, provided you can bypass the CSP, you can always leak query parameters from the current page if you have an HTML injection.
From Nowasky: “Anchor/area tags can leak page URLs (origin, path, query, post-click fragment) by using href="#" with the ping attribute pointing elsewhere.” These are useful client-side gadgets if you have partial or full HTML injection. Put them in your notes! You may not need them now, but I promise you that you’ll need them in the future.
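The defender's side of the two gadgets above, as an added example that is not from this newsletter or the quoted posts: it audits sanitizer output for referrerpolicy and ping attributes that an allowlist let through. The function names, severity labels and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Elements on which the HTML spec defines each attribute.
REFERRERPOLICY_TAGS = {"a", "area", "img", "iframe", "link", "script"}
PING_TAGS = {"a", "area"}
# Policy values that send the full URL (path and query) cross-origin.
FULL_URL_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}


class GadgetAuditor(HTMLParser):
    """Collects URL-leak attributes that survived sanitization."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        for name, value in attrs:
            value = (value or "").strip()
            if name == "referrerpolicy" and tag in REFERRERPOLICY_TAGS:
                # An element-level policy overrides the page's header or
                # meta policy, so any surviving value deserves a look.
                policy = value.lower()
                severity = "high" if policy in FULL_URL_POLICIES else "review"
                self.findings.append((tag, name, policy, severity))
            elif name == "ping" and tag in PING_TAGS and value:
                self.findings.append((tag, name, value, "high"))


def audit(html):
    """Return (tag, attribute, value, severity) for each risky attribute."""
    auditor = GadgetAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: output of a hypothetical sanitizer under test.
SAMPLE = (
    '<p>hello</p>'
    '<img src="https://cdn.example/a.png" referrerpolicy="unsafe-url">'
    '<a href="#" ping="https://collector.example/p">more</a>'
    '<a href="/docs" referrerpolicy="no-referrer">docs</a>'
)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding means the sanitizer allowlist should drop that attribute from user-supplied markup; a strict page-level Referrer-Policy does not help once the attribute is present.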
Reading List
Currently:
Fiction:
Solenoid by Mircea Cărtărescu (130/600 pages)
Guards! Guards! by Terry Pratchett
Non-Fiction:
A Random Walk Down Wall Street by Burton Malkiel (150/300 pages)
How The World Made The West by Josephine Crawley Quinn (265/400 pages)
Founders At Work by Jessica Livingston (190/472 pages)
Resources
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL: WatchTowr back with more impactful research. This time, it’s a new primitive in .NET request handling that led to some cool bugs in various pieces of enterprise software.