Weaponising Unicode for Fun and Profit | by Eugene Lim | CSG @ GovTech
Plus a tool and tips for defenders. In this article, I will describe how Unicode — the encoding standard behind emojis and other special text…
As a result of a recent data breach, the NBA notified all its fans about the fact that a significant amount of personal information was…
99% of all businesses across the United States and Canada are mid-sized businesses facing cybersecurity challenges, according to a Huntress report. Aimed to gain insights…
Hello Everybody, Welcome to my FIRST writeup! Just to give you some background, My name is Daniel, I started hacking about 4 months ago and…
This week wasn’t about me. I and millions of others were focused on the murder of George Floyd. Black Lives Matter. My progress will resume in the next update.…
Capture the flag events are particularly fun events done to challenge people and get people to really think about the puzzle they’re presented with. They…
Easy Bugs for Hard Cash
Q: How to write a BUG BOUNTY report that actually gets paid?
While browsing a SharePoint instance recently, I came across an interesting URL in the form https:///_layouts/FormServer.aspx?XsnLocation=https:///resource/Forms/template.xsn. The page itself displayed a web form that submitted…
A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm…
This year I released a challenge for the Full Stack Web Attack class: Whilst several people had solved the challenge, no one seemed to have…
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for is instances of WebPageTest. WebPageTest is a website performance…