Issue #14: Domain hijacks, SEO bypess, Golang & more

Published July 16 2017 · Edit on GitHub

Late post again, apologies! Also no tool this week but a lot of posts about domain hijacks and SEO bypasses.


Authentication bypass on Uber’s Single Sign-On via subdomain takeover

One part domain hijacking, two parts SEO takeover, this post has it all.

The .io Error – Taking Control of All .io Domains With a Targeted Registration

This is more involved than the last post domain wise, taking over a whole TLD. The .IO one at that! (Source)

24-core CPU and I can’t move my mouse

Dive deep into ETW traces and program traces. (Source)

Toward Go 2

Go 2.0 is coming!

Starbucks should really make their APIs public

Its funny this post came up this week as my friend is currently trying to hack an Amazon button to order his coffee through Skip.