Persistent XSS (Unvalidated oEmbed) at Medium.com | by Jonathan Bouman
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
This is the only good CC0 image I could find If you’re not aware, I joined Dropbox’s security team last September. Since then, I’ve become…
Q: PENTEST VS BUGBOUNTY? (Bounty Thursday’s – ON AIR)
The Windows User Mode Exploit Development (EXP-301) course and the accompanying Offensive Security Exploit Developer (OSED) certification is the last of the three courses to…
By default, Apple has a feature that allows all of their iOS devices to be assigned restrictions, so that employees and mostly children cannot access naughty websites…
Jira Service Desk is a help desk application that is built on top of core Jira. It allows customers to submit tickets that can be…
This last weekend I started testing a new Android app for fun, and ran into some trouble getting Burp Suite working properly. I burned a…
After reporting the Flickr ATO fix bypass, I left Flickr for a few days and went to hunt after Uber. I keep changing the target from…
INTERVIEW WITH @MR_HACKER | TOP 20 on INTIGRITI | METHODOLOGY, TIPS & TRICKS, ETC.
Eliminate an entire vulnerability class from your web server in less than an hour As a hacker and bug hunter, one of my favorite bugs…
Hacking 1Password | Episode 3 – Decrypting the data without Crypto Knowledge
I came across an unauthenticated Remote Code Execution vulnerability (called CVE-2018-7841) on an IoT device which was apparently using a component provided by Schneider Electric…