Reflected XSS at Philips.com. A full write-up; reflected XSS was… | by Jonathan Bouman
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
BOUNTY THURSDAYS – LIVE #1 (SVG-XML/Redirects/OOB servers and Community Questions)
Late last year, I was invited to Facebook’s Bountycon event, which is an invitation-only application security conference with a live-hacking segment. Although participants could submit…
A few weekends ago, I decided (because apparently I’m a masochist) that I was tired of the free version of ESXi running my home lab…
This post is further evidence of how difficult it is to parse a URL correctly. IE has a URL parsing problem; this idea originated from Sergey Bobrov.…
No BS Guide – Better Subdomain Enumeration
A collection of AI-generated Hacker Cats If you want to see an image in full resolution, you can right click on the image and select…
What’s the shortest domain? | Unicode Hacking & Tricks
Broken Access Control – Lab #6 Method-based access control can be circumvented | Short Version
Insecure Deserialization Attack Explained
Matt Atkinson | 27 October 2022 at 13:03 UTC Introducing Dastardly – a free, lightweight web application security scanner for your CI/CD pipeline, from the…
2023 Web Hacking Roadmap // How To Bug Bounty