[www.32red.com] Reverse proxy misconfiguration leads to 1-click account takeover
Kindred Group disclosed a bug submitted by sw33tlie: https://hackerone.com/reports/1632973 – Bounty: $5250 Source link
Category: Mix
Attacking JWT – Header Injections
Attacking JWT – Header Injections Source link
Answering your questions about Superbacked
Answering your questions about Superbacked Source link
New features means new bugs. Sometimes new features designed to… | by Sean (zseano)
Sometimes new features designed to generate revenue for a company can be rushed and sometimes not enough thought has gone into how to securely implement…
Persistent XSS (Unvalidated oEmbed) at Medium.com | by Jonathan Bouman
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
5 Tips Bug Bounty Programs *Want* You to Know About | by d0nut
This is the only good CC0 image I could find If you’re not aware, I joined Dropbox’s security team last September. Since then, I’ve become…
Q: PENTEST VS BUGBOUNTY? (Bounty Thursday’s – ON AIR)
Q: PENTEST VS BUGBOUNTY? (Bounty Thursday’s – ON AIR) Source link
ROP and Roll: EXP-301 Offensive Security Exploit Developer (OSED) Review and Exam
The Windows User Mode Exploit Development (EXP-301) course and the accompanying Offensive Security Exploit Developer (OSED) certification is the last of the three courses to…
Bypassing Apple’s iOS 10 Restrictions Settings – Twice
By default, Apple has a feature that allows all of their iOS devices to be assigned restrictions, so that employees and mostly children cannot access naughty websites…
Analysis of CVE-2019-14994 – Jira Service Desk Path Traversal leads to Massive Information Disclosure
Jira Service Desk is a help desk application that is built on top of core Jira. It allows customers to submit tickets that can be…
Configuring Burp Suite With Android Nougat
This last weekend I started testing a new Android app for fun, and ran into some trouble getting Burp Suite working properly. I burned a…
Backdoor of All Flickr API Calls by XSSI – Ron Chan
After reporting the Flickr ATO fix bypass, I left Flickr for a few days and go hunt after Uber. I keep changing the target from…