Firefox + Container + Proxy = Hack Env
여러분들은 분석하실 때 어떤 브라우저를 사용하시나요? 저는 보통 각 도구의 Embedded Browser(ZAP-Firefox/Burp-Chrome)을 주로 사용합니다. 그리고 종종 일단 Firefox로도 테스트를 즐겨합니다. 최근 Akita가 Firefox를 사용할 때…
Category: Mix
The View from the Other Side: A Security Analyst’s Perspective on Bug Bounty Triage
I was always intrigued about how things work on the other side of bug bounty. Well, the month of June, 22 made that possible for me…
Bug Bounty FAQ – EdOverflow
A list of questions that bug bounty hunters frequently DM me about. 😄 How do I get started with bug bounty hunting? How do I…
What Is External Attack Surface Management?
External Attack Surface Management (EASM) has become a bit of a buzzword within the cybersecurity industry in the last year. This is not surprising, seeing…
Sponsored Interview — Jason Meller, CEO of KOLIDE
Exploring the intersection of security, technology, and society—and what might be coming next… Standard Web Edition | March 13, 2023 Today I’m doing a Sponsored…
Django project best practices to keep your developers happy
Using Makefiles, pre-commit, and GitHub Actions to help create a happy development team. Do you want your team to enjoy your development workflow? Do you…
5 Common Pitfalls To Avoid In Bug Bounties
5 Common Pitfalls To Avoid In Bug Bounties Source link
HackerOne
U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/736391 Source link
Using Credentials to Own Windows Boxes – Part 2 (PSExec and Services)
In Part 1, I listed some common tools and techniques to use domain credentials to execute commands on Windows machines from Kali linux. In this…
Launching the PortSwigginar | Blog
Adam Armitt | 09 June 2022 at 23:00 UTC Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is…
ZAP Custom En/Decoder 만들기
ZAP의 확장성은 Scripting Engine의 파워에서 나옵니다. URL, HTML, Base64 등 테스팅 단계에선 인/디코딩을 하는 경우가 굉장히 많은데요. 이 때 사용하는 Encode/Decode/Hash 기능 또한 Scripting으로 확장할…
Robinhood Goes Long on Bug Bounty: Q&A with Ian Carroll and @ashwarya
Our conversation with Ian Carroll (Staff Security Engineer at Robinhood) spans the history of bug bounty at Robinhood, Ian’s approach to bug bounty program management,…