Category: Mix

Discovering a 16 Million Download/Week Node.js Package Zero Day for a Capture the Flag Challenge
12
Mar
2023

Discovering a 16 Million Download/Week Node.js Package Zero Day for a Capture the Flag Challenge

GovTech’s Cyber Security Group recently organised the STACK the Flags Cybersecurity Capture-the-Flag (CTF) competition from 4th to 6th December 2020….

The $16,000 Dev Mistake. Hello all! | by Daniel Marte
12
Mar
2023

The $16,000 Dev Mistake. Hello all! | by Daniel Marte

Hello all! Its been a while since my last write up. As a-lot of you know, last year I joined…

Eliminating Authorization Vulnerabilities with Dacquiri | by d0nut
12
Mar
2023

Eliminating Authorization Vulnerabilities with Dacquiri | by d0nut

Over the last year I’ve taken a step away from my usual bug bounty work to focus more on building…

Hacking Pulse Secure for Redteaming
12
Mar
2023

Hacking Pulse Secure for Redteaming

This write-up is the collective efforts of collaborating with various hackers on exploring and furthering research that was presented by…

Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
12
Mar
2023

Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

The Story of a Novel Supply Chain Attack Continue reading on Medium » Source link

How to turn bugs into a "passive" income stream! ft Detectify's Almroot
12
Mar
2023

How to turn bugs into a “passive” income stream! ft Detectify’s Almroot

How to turn bugs into a “passive” income stream! ft Detectify’s Almroot Source link

Zoom Whiteboard
12
Mar
2023

I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS

When is copy-paste payloads not self-XSS? When it’s stored XSS. Recently, I reviewed Zoom’s code to uncover an interesting attack…

vROps
12
Mar
2023

Pre-Authenticated RCE in VMWare vRealize Operations Manager

On May 27th, I reported a handful of security vulnerabilities to VMWare impacting their vRealize Operations Management Suite (vROps) appliance….

Finding Hidden Files and Folders on IIS using BigQuery – Assetnote
12
Mar
2023

Finding Hidden Files and Folders on IIS using BigQuery – Assetnote

  Motivations I recently made a video on how to find hidden files and folders on IIS through the use…

Don’t Reply: A Clever Phishing Method In Apple's Mail App
12
Mar
2023

Don’t Reply: A Clever Phishing Method In Apple’s Mail App

About four or five years ago, friend and fellow bug bounty hunter Sam Curry asked if I had “ever thought…

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
12
Mar
2023

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an…

ropnop blog
12
Mar
2023

ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns

ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns Source link