hacking

Cross-Fork Object References (CFOR’s) are a feature of how Github works, but they can result in information leaks. Build a replica of Github to investigate further.

The HackerOne bug bounty platform is the largest one to have its own researcher API. The ability to retrieve a list of in-scope targets creates the possibility for large scale vulnerability scanning.

DNS exfiltration allows getting data off a compromised machine using DNS lookups to hide the data. During security research, using DNS for exfiltration may help circumvent security restrictions or avoid detection.