Moloch: The Most Dangerous Idea
Maybe we can’t find any aliens because they couldn’t make it past the Maloch Barrier Created/Updated: April 16, 2023 Maloch is a strong candidate for…
Category: Mix
Outsourcing security with 1Password, Authy, and Privacy.com
Take some work off your plate while beefing up security with three changes you can make today. We’ve already got enough to deal with without…
Apache Airflow Google Cloud Sql Provider Remote Command Execution
Internet Bug Bounty disclosed a bug submitted by sw0rd1ight: https://hackerone.com/reports/1895277 – Bounty: $2400 Source link
Improvements to Burp Suite authenticated scanning | Blog
Matt Atkinson | 29 October 2021 at 12:22 UTC Burp Suite’s authenticated scanning feature enables users to scan privileged areas of target web applications even…
Visualizing Live Hacking Events: Hackers Break Records at H1-702
Visualizing Live Hacking Events: Hackers Break Records at H1-702 Source link
Detectify Security Advisor explains account hijacking attack scenarios using abnormal OAuth Flows
TL/DR: OAuth users are being urged to check their sign-in flows for third-party scripts, including error flows, that could expose them to newly uncovered attack…
If you want to build a treehouse, start at the bottom
How threat modeling and pushing left help create a stable foundation for secure software. If you’ve ever watched a kid draw a treehouse, you have…
JWT audience claim is not verified
Internet Bug Bounty disclosed a bug submitted by farcaller: https://hackerone.com/reports/1889161 – Bounty: $8000 Source link
Burp Suite certification prices hacked for Black Friday | Blog
Emma Stocks | 17 November 2021 at 16:13 UTC For the very first time, we’ve decided to join the rest of the world and run…
localStorage + getter = Prototype Pollution
오늘은 Prototype Pollution에 대한 이야기를 잠깐 하려고 합니다. 다름이 아니라 @garethheyes가 아래와 같은 내용의 트윗을 올렸었습니다. 정리하면 localStorage 에서 getter를 사용하는 경우, 즉 직접 접근해서…
Changes to Disclosure Assistance | HackerOne
HackerOne is excited to announce the revamp of our Disclosure Assistance program! Our goal is to reset expectations and realign with the hacker community. As…
Better attack surface filtering and subdomain discovery
TL/DR: We’ve shipped a few new filters to the attack surface page to help security teams easily manage their rapidly expanding attack surface. We’ve also…