NIS2: Next Step Forward on EU Security Requirements
NIS2 focuses on strengthening EU resilience through new and amended obligations for cybersecurity risk management practices, incident reporting, and security audits. NIS2 imposes obligations on…
Category: Mix
7 Problems With Traditional Pentests
Pentesting has been around for decades, but it hasn’t undergone the revolution that other security practices have. Organizations tend to rely on pentesting as a…
How To Find Broken Access Control Vulnerabilities in the Wild
What Is Broken Access Control? BAC is a class of application vulnerability where a function or asset in the application is accessible to someone who…
How an IDOR Vulnerability Led to User Profile Modification
According to the 7th Annual Hacker-Powered Security Report, IDOR makes up 7% of the vulnerabilities reported via the HackerOne platform. Government agencies and automotive organizations saw…
The Recruitment Process: What to Expect When You Apply at HackerOne
If you’re considering applying, here’s a look at what you can expect from the process, from the initial application to joining your onboarding cohort. Application…
Measure Your AI Risk Preparedness with This Interactive Self-Assessment Tool
Effectively managing these risks requires human expertise and strategic oversight. That’s where the AI Risk Readiness Self-Assessment Tool comes in — helping your organization evaluate the…
Using ngrok to proxy internal servers in restrictive environments
When gaining shell access to a machine on a network, a promising attack vector is to check the internal network for web applications and services…
Gaining access to Uber’s user data through AMPScript evaluation
Modern development and infrastructure management practices are fast paced and constantly evolving. In the race to innovate and expand, new assets are being deployed and…
Discovering a zero day and getting code execution on Mozilla’s AWS Network
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest. WebPageTest is a website performance…
How To Use HackerOne’s Global Vulnerability Policy Map
To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability Policy Map, an interactive map-based…
Finding Hidden Files and Folders on IIS using BigQuery
Motivations I recently made a video on how to find hidden files and folders on IIS through the use of IIS Shortname Scanner. Using IIS…
Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen
The file upload vulnerability type is as broad in scope as the number of different file types. These vulnerabilities are an ever-present security concern. While…