Detectify’s journey to an AWS multi-account strategy
In the past year, we’ve shifted our infrastructure from a single Amazon Web Services (AWS) account owned by our Platform team to multiple domain-specific accounts.…
Category: Mix
Build your own serverless subscriber list with Go and AWS
How to build your own newsletter list with DynamoDB and SES email sign up confirmations. You can now subscribe to my email list on victoria.dev!…
Nahamsec interviews Jobert Abma
Note that during these interviews I also moderate thus quality may vary. Profile 🐝 cofounder HackerOne 29 years old started hacking at 11 years old…
How to prevent PHP type juggling vulnerabilities
How to prevent PHP type juggling vulnerabilities Source link
Yorkshire Post Building Demolition #3
Yorkshire Post Building Demolition #3 Source link
[tl;dr sec] #177 – AWS KMS Threat Model, DOM Invader, Forensics in the Cloud
Hey there, I hope you’ve been doing well! Easter Ah Easter, the American holiday where we celebrate the resurrection of Jesus by hiding eggs for…
The Hacker’s Guide to Sneaking in Through the Back Door: A Second Order IDOR Adventure
The Hacker’s Guide to Sneaking in Through the Back Door: A Second Order IDOR Adventure Source link
Possible to spoof Origin in “Connected Sites”
MetaMask disclosed a bug submitted by renniepak: https://hackerone.com/reports/1710564 – Bounty: $1000 Source link
Hacking APIs: Fuzzing 101
Hacking APIs: Fuzzing 101 Source link
Hey, what’s up?
Hey, what’s up? Source link
Wanna hack zseano website and get paid? – Bounty Thursdays #28
Wanna hack zseano website and get paid? – Bounty Thursdays #28 Source link
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
While researching a bug bounty target, I came across a web application that processed a custom file type. Let’s call it .xyz. A quick Google…