JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory
In this blog post, I’m going to describe a relative new vector to achieve remote code execution via a JNDI Injection that I found independently…
Category: Mix
Two of Wallarm’s Open-source Tools Have Been Accepted into Black Hat Arsenal 2024 –
We’re gearing up with some seriously cool stuff for Black Hat! But first, a little sneak peek – not just one, but TWO of Wallarm’s…
How HackerOne Organizes a Remote Hack Week
This year’s Hack Week was dedicated to artificial intelligence (AI), and teams worked together to problem-solve and explore new projects, keeping this theme in mind.…
What HackerOne Customers Say About the Problems Hackers Solve
The Problems Customers Use Ethical Hackers To Solve Organizations work with ethical hackers to address a range of issues, including knowing unknowns, preventing breaches, meeting…
10 Years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a…
Weekly Vulnerability Trends Report – 2024-07-06 – Web Security Services
This Week’s Vulnerability Landscape Welcome to our weekly vulnerability trends report. This week, we’ve analyzed 2000 vulnerabilities to bring you the most important security insights.…
Weekly Vulnerability Trends Report – 2024-07-12 – Web Security Services
This Week’s Vulnerability Landscape Welcome to our weekly vulnerability trends report. This week, we’ve analyzed 2000 vulnerabilities to bring you the most important security insights.…
Dynamic Content Summaries (DSC)
One of the coolest things I can’t wait to come out of AI is what I’m calling Dynamic Content Summaries (DCS). They are contextually created…
8 ways to reduce your Mean Time to Resolution (MTTR)
When a potential threat emerges, organizations must act quickly. Yet despite this urgency, response times often lag, leaving systems vulnerable to attacks. Globally, 75% of…
Should You Create a Personal or Business Brand?
I think every creator might need to make a core decision of whether they’re doing: A PERSONAL brand on which you post pretty much everything,…
Pentesting for Web Applications: Methodologies & Best Practices
Pentest reports are a requirement for many security compliance certifications (such as ISO 27001 and SOC 2), and having regular pentest reports on hand can also signal…
Caffeinate Your Mac
Did you know your MacBook has a built-in barista? Well, sort of. It’s called ‘caffeinate’, and it’s a nifty little command that keeps your Mac…