Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Although XSS is super common, there is an infinite amount of ways to trigger it!

Copying and pasting payloads into forms is good for a while but not that great to get a pHD in XSS.

The base tag is used for the base of a URL. However, JavaScript URI's cannot be in the URI. This needs to look like a normal URL but still execute the JS (// looks like a comment). This can be bypassed by either using a multi line comment or a regex.

Gareth Heyes, from Portswigger, demonstrates a parsing bug in Safari that looks like it makes zero sense...Just abusing the parser and understanding of the browser.

Good hacking can be found by a deep understanding of something with a large amount of creativity.