GitHub for Bug Bounty Hunters
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for…
Introducing Attack Surface Custom Policies If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple…
I’ll accept something as AGI when it can write a solid set of original jokes good enough to make real people laugh Created/Updated: March 20,…
How to write tests for your Django applications that are painless and productive. Done correctly, tests are one of your application’s most valuable assets. The…
Race Condition + New Labs
Trellix disclosed a bug submitted by ashishmurugan: https://hackerone.com/reports/1577793
This is the third part of a series showing how to remotely execute commands (and “own”) Windows machines once you have compromised a set of…
Matt Atkinson | 16 June 2022 at 13:50 UTC If you’ve ever installed any Burp extensions from the BApp Store, you’ll know that it’s a…
🔍 Introduction A Client-Side Desync (CSD) attack is a variant of HTTP Request Smuggling (HRS, also called a desync attack). Whereas classic HRS relies on the attacker sending a malformed HTTP request that no browser could produce, so that the server or…
The Belgian government has recently announced a new Belgian law that will allow ethical hackers to hack any Belgian company without any prior permission. Historically,…
Step 1 – Recovering the corrupted data According to the doc, the following stream is corrupted: 7b 0a 20 a0 22 65 76 e5 6e…
Validate security policies like you mean it Not everything on your attack surface is a vulnerability. Every organization has their own internal security policies that…