Couldn't be more happy for the outcome that this cookie tossing research ended-up to have!
The whole idea of doing a talk came very randomly at the time and I wasn't even aware that I already had the sufficient material for it.
"you can just do things" has never been more true :D
After countless hours, the blog post associated to cookie tossing and the attacks it enables is finally ready!
It roughly covers the same topic as my area41 talk but with many additions and much more details (which made it way longer than expected...)
https://t.co/UBDDXBBLr1
Here are the slides of my talk at #AREA41:
https://t.co/HRUu0neheP
I might also soon write an associated blog post to give more details / discuss things i wouldn't have the time to discuss in a 45-minutes talk.
2⃣ autoSSRF
autoSSRF is a context-based automated SSRF scanner capable of identifying whitelisted hosts and generating possible bypasses based on the whitelisted URLs! 😎
autoSSRF is also available on Github! Check it out 👇
https://t.co/AZJoP1v0wT