Prepping CFPs this year has been a great feeling. Something about actually writing down everything we've discovered / built during research from tooling, novel techniques and even bounties gives you that perspective of what we've actually achieved... Mega excited for this one!
07.03.2026 15:43
Love it when someone mentions a vuln class to you that sounds cool and then is suddenly applicable in your very next test!
SSRF blacklist bypass using DNS rebinding. The single-packet attack continues to make my stupid race condition ideas a reality.
05.03.2026 10:57
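The bypass mentioned in the post above relies on the target resolving the hostname twice: once to check it against the blacklist and once more when the HTTP client actually connects. A rebinding domain answers the first query with a public address and the second with an internal one. The following is an added example, not code from the post or from any tool it mentions; the resolver, the connect function and the hostname attacker.example are constructed stand-ins so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit


class RebindingResolver:
    """Constructed stand-in for an attacker-controlled DNS zone with a
    very low TTL: the first answer is a harmless public address, every
    later answer is an internal one."""

    def __init__(self, first_answer, later_answer):
        self.first_answer = first_answer
        self.later_answer = later_answer
        self.queries = 0

    def resolve(self, hostname):
        self.queries += 1
        return self.first_answer if self.queries == 1 else self.later_answer


def is_internal(ip_str):
    # Anything that is not globally routable (loopback, RFC 1918,
    # link-local including 169.254.169.254, multicast, reserved) is blocked.
    return not ipaddress.ip_address(ip_str).is_global


def fake_connect(ip, host):
    # Stand-in for opening the TCP connection; returns what was dialled so
    # the caller can see where the request really went.
    return (ip, host)


def fetch_vulnerable(url, resolver, connect=fake_connect):
    """Blacklist check on lookup #1, then the HTTP client resolves the
    hostname again (lookup #2) and connects to whatever it gets now."""
    host = urlsplit(url).hostname
    checked_ip = resolver.resolve(host)
    if is_internal(checked_ip):
        raise ValueError("blocked: %s -> %s" % (host, checked_ip))
    return connect(resolver.resolve(host), host)


def fetch_pinned(url, resolver, connect=fake_connect):
    """Resolve once, validate that answer, and connect to exactly that
    address; the hostname only travels in the Host header / SNI."""
    host = urlsplit(url).hostname
    ip = resolver.resolve(host)
    if is_internal(ip):
        raise ValueError("blocked: %s -> %s" % (host, ip))
    return connect(ip, host)


def demo():
    """Runs both fetchers against the same rebinding zone and returns the
    address each one actually connected to."""
    url = "http://attacker.example/"  # assumed rebinding hostname
    vulnerable = fetch_vulnerable(url, RebindingResolver("93.184.216.34", "127.0.0.1"))
    pinned = fetch_pinned(url, RebindingResolver("93.184.216.34", "127.0.0.1"))
    return {"vulnerable": vulnerable[0], "pinned": pinned[0]}


if __name__ == "__main__":
    print(demo())
```

Pinning the validated address closes the check-then-connect window, but only if the HTTP client really dials that IP rather than re-resolving; most high-level clients re-resolve by default, and redirects restart the whole problem, so each hop has to go through the same check. A blacklist of literal strings ("127.0.0.1", "localhost") without resolving at all is weaker still, since it never sees what the hostname points to.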
I'm making a habit of writing down literally any thought that suddenly pops into my head related to research leads. I'm finding it fun to laugh at my own ideas. But all of a sudden, I also have a long list of fun/interesting ideas to try before I need to panic about running out of ideas.
16.02.2026 13:08
I do have a specific post in mind about something very related! That one actually produced results outside of my test.
This one is truly a terrible idea... but if it proves the concept... perhaps
10.02.2026 10:33
The fact that I can use claude in the background to adjust custom tooling on the fly to test out relatively insane theories on the off chance they work all without losing any measurable time for my actual test is really really powerful.
10.02.2026 09:37
Agarri
Training
Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro. Two sessions are planned (in English and French), and there are still a few spots left in each.
Contact me to get an early-bird discount code!
31.01.2026 12:31
Podcast Spotlight: The Threat from Quantum Computers
Our embedded security and cryptography expert Joachim Strömbergson guested a Swedish security podcast (Bli Säker @nikkasystems.com) and discussed Post Quantum Cryptography. Find our English summary and the link to the episode in our blog.
www.assured.se/posts/podcas...
#pqc #security #cryptography
06.02.2026 09:56
Going here github.com/vladko312/Re... and implementing a selection / all of these into Backslash-Powered Scanner (or a custom scan check...) is probably very useful.
The real work comes from creating a safe but syntactically similar payload for the probe pair.
Bring back SSTI!
06.02.2026 08:00
Top 10 web hacking techniques of 2025
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
The voting has concluded, and we're thrilled to announce the top ten web hacking techniques of 2025! Massive thanks to everyone in the community for sharing their hard-earned discoveries, plus the panel and everyone who nominated or voted! portswigger.net/research/top...
05.02.2026 15:40
Yeah, this is the approach I am taking now I think. New branch, let it implement something and then try to critique it somewhat or ask it about the implementation. If it can't be easily fixed or gets a bit insane, I can just kill the entire branch, worst case. When it does work it's beautiful!
05.02.2026 12:00
Interesting, I only just started using git with it but perhaps I'll hold off... Or at least be very careful.
05.02.2026 11:16
Super impressed by it having moved over from Gemini CLI recently. Are you doing anything particularly special out of interest in terms of dev usage? Multiple instances, or specific agents etc? Just curious!
05.02.2026 10:01
Got one of our most impactful cases re-opened and accepted after a quick email chain. Always happy to see programs supporting researchers in this way. Going to try writing my reports with a public disclosure section right at the top to see if this helps in these cases.
04.02.2026 10:16
Spent a long time on a case over the last few weeks getting absolutely nowhere. Remember to try this, instant RQP... I must remember to take my own advice occasionally.
01.02.2026 12:41
Love web & AI security research? Want to do it full time on-site with myself, Gareth Heyes & Zak Fedotkin? Join the PortSwigger Research team - we're hiring!
apply.workable.com/portswigger/...
23.01.2026 10:36
We got our "bigmac" AI machine up and running today! Time to find out if I can start using shadow-repeater every day.
23.01.2026 10:13
EU Tightens Cybersecurity Requirements for Medtech - MDR and IVDR
The EU is strengthening cybersecurity requirements in MDR and IVDR. Manufacturers must embed cybersecurity from the start, document processes, and ensure security throughout the entire device lifecycl...
Cybersecurity in #MedTech is no longer something you "add later."
Under #MDR / #IVDR, security is a prerequisite for market access, not an optional feature.
When addressed too late, the result is rework, delays, or products that never make it to market.
Read more: www.assured.se/areas/medtec...
23.01.2026 09:47
Needed a custom hackvertor tag for reasons. IIRC there's this AI integration now right? **enter prompt**. Oh okay it works and I'm done. I suspect I've been sleeping on this... One of my favourite extensions atm.
21.01.2026 15:03
Top 10 web hacking techniques of 2025
Welcome to the community vote for the Top 10 Web Hacking Techniques of 2025.
Voting is now live for the top ten web hacking techniques of 2025! Grab a brew, browse the 61 quality nominations and cast your vote on the most creative and ground-breaking techniques:
portswigger.net/polls/top-10...
15.01.2026 15:29
On a whim I asked Gemini a ridiculously specific question. "Give me a response that has length X and is text/html for X proxy". And while it basically made up the answer (I assume) it still pointed me to a solution I've needed for months! I guess trying "stupid ideas" can work for LLMs too.
10.01.2026 13:20
Maybe to search inside of encoded data? If I want to search a json blob that is also base64 encoded, it could be cool to simply write out the hackvertor tag into a filter and have the filter process the result of that tag?
07.01.2026 14:54
Bypass CSP in a single click using my new Custom Action, powered by @renniepak.nl's excellent CSP bypass project.
16.12.2025 15:31
When looking for postMessage vulnerabilities, the FancyTracker Firefox extension can be very useful.
It has built-in syntax highlighting and sorts out duplicates. Check it out.
https://github.com/Zeetaz/FancyTracker-FF
And the original for Chrome: https://github.com/fransr/postMessage-tracker
25.11.2025 12:03