[tl;dr sec] #167 – SBOM, Scaling Security Alert Management, Mitigating RBAC-Based PrivEsc in Kubernetes
Hey there, I hope you’ve been doing well! Come say “How ya?” at OWASP Dublin If you’re going to be attending OWASP Global AppSec in…
Unveiling the Wild World of Bug Bounties
Nextcloud disclosed a bug submitted by mikaelgundersen: https://hackerone.com/reports/1878381
Top 3 Most Dangerous Lines of Code
Firefox privacy and security hardening guide (2022 revised edition)
This post is going to outline how I simply applied my methodology and managed to find multiple vulnerabilities leaking airline passenger information on a YesWeHack…
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
BOUNTY THURSDAYS – LIVE #1 (SVG-XML/Redirects/OOB servers and Community Questions)
Late last year, I was invited to Facebook’s Bountycon event, which is an invitation-only application security conference with a live-hacking segment. Although participants could submit…
A few weekends ago, I decided (because apparently I’m a masochist) that I was tired of the free version of ESXi running my home lab…
This post is another piece of evidence showing how difficult it is to parse a URL correctly. IE has a URL parsing problem; this idea originated from Sergey Bobrov.…
No BS Guide – Better Subdomain Enumeration