a little open redirect bypass story | by mert tasci
in one private program at bugcrowd, i came across three different open redirect bug methods. firstthis is an effortless open redirect vulnerability as follows and…
Category: Mix
My Year in Review — 2020. So | by d0nut
While terribly disappointed, I still had drive left in me to do well for myself and continue onward. At this time, I believed that we’d…
[tl;dr sec] #212 – AWS Security Services Best Practices, EDR Bypass Lab, 100+ Vulnerable Practice Apps
I hope you’ve been doing well! 👋 New Year, Who Dis? I hope you had a great holiday break and New Years! If you’re new,…
xss attack vector at “style” context for less.js – mert tasci
detailless & sass suddenly came to my mind when researching about of css injection attacks. you know, both are css pre-processor so i think they…
The Stony Path of Android 🤖 Bug Bounty – Bypassing Certificate Pinning
Dear readers, Long story short, doing bug bounties for mobile devices is hard. With this article I want to show you a rather simple way…
High Risk Vulnerabilities within the DoD – Exploiting Coldfusion, Dotnet Nuke, Oracle, and more | by Alyssa Herrera
The Department of Defense Launched a bug bounty program on November 21st, 2016 on Hackerone. This allowed researchers to report vulnerabilities on any military domain,…
BugBountyHunter Chats — Getting to know 0xblackbird, YouGina, JTCSec and HolyBugx | by Sean (zseano)
18 min read · Jul 12, 2021 BugBountyHunter.com opened early November 2020 and the amount of growth we have seen in members has been phenomenal!…
Addressing the Rising Threat of API Leaks
In the realm of cybersecurity, the metaphor of “Leaky Buckets” has become an increasingly prevalent concern, particularly in the context of API security. This term…
7 Things to Expect from AI in 2024+, Xi Going Stalin, SSH’s Terrapin…
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original…
Cory Doctorow is Not Even Wrong About the So-called “AI Bubble”
I’ve had to make rule for my events: The first person to mention AI owes everyone else a drink. It’s a bubble. Tech bubbles come…
My (infosec) resolutions for 2024
The last few years I’ve been struggling to find time and energy to actively contribute to the information security community. I used to go to…
Continuous Testing & Monitoring – Blog Detectify
In order for AppSec and ProdSec teams to stay on top of their growing attack surface, they must understand what parts of their attack surface…