[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan
During the process of testing GAE after reading this awesome blog post, I found a debug application in Google Cloud Platform Stackdriver, user can debug…
Month: March 2023
Week in review: Public MS Word RCE PoC, API exploitation, Patch Tuesday forecast
Microsoft to boost protection against malicious OneNote documentsMicrosoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or…
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS! Source link
Unconscious Bias & Barriers Impact Neurodiverse Workforce
In an exclusive interview with The Cyber Express, Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting, discussed neurodiversity and the need to create…
Bountycon2020 Presentation | Richard’s Infosec blog
I was recently invited to present at BountyCon 2020. This was supposed to early March in Singapore where flights and accomodations were all provided for.…
IceFire Ransomware Attacks Both Windows and Linux
Recently, security analysts at SentinelOne got to know about an infamous IceFire ransomware that has been found attacking both Windows and Linux enterprise networks. An…
How to Spend Time Well, A Framework · rez0
For a healthy person in a first world country, the number of things we could do is near infinite. And yet, everyone spends 90% of…
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide) Source link
Samesite by Default and What It Means for Bug Bounty Hunters
31 January 2020 You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised…
Exploiting a Blind SQL Injection via XSS – RCE Security
Introduction You probably have read about my recent swamp of CVEs affecting a WordPress plugin called Transposh Translation Filter, which resulted in more than $30,000…
Brazil seizing Flipper Zero shipments to prevent use in crime
The Brazilian National Telecommunications Agency is seizing incoming Flipper Zero purchases due to its alleged use in criminal activity, with purchasers stating that the government…
KelvinSecurity Attempts to Sell Ecuador Armed Forces Data
Months after the ALPHV ransomware group added the Armed Forces of Ecuador to its victim list, KelvinSecurity put presidential and armed files of Ecuador up…