Weaponising Unicode for Fun and Profit | by Eugene Lim | CSG @ GovTech
Plus a tool and tips for defenders. In this article, I will describe how Unicode — the encoding standard behind...
Read more →Category: Mix
Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE) | by Daniel Marte
Hello Everybody, Welcome to my FIRST writeup! Just to give you some background, My name is Daniel, I started hacking...
Read more →
Week 2
This week wasn’t about me. I and millions of others were focused on the murder of George Floyd. Black Lives Matter. My progress...
Read more →
H1–212 Capture the Flag Write up. Introduction to the challenge and… | by Alyssa Herrera
Capture the flag events are particular fun events done to challenge people and get people to really think about the...
Read more →
How I hacked Google’s bug tracking system itself for $15,600 in bounties
Easy Bugs for Hard Cash Continue reading on Medium » Source link
Read more →
Q: How to write a BUG BOUNTY report that actually gets paid?
Q: How to write a BUG BOUNTY report that actually gets paid? Source link
Read more →
Embedding Payloads and Bypassing Controls in Microsoft InfoPath
While browsing a SharePoint instance recently, I came across an interesting URL in the form https:///_layouts/FormServer.aspx?XsnLocation=https:///resource/Forms/template.xsn. The page itself displayed...
Read more →
Full Stack Web Attack 2021 :: Zero Day Give Away
This year I released a challenge for the Full Stack Web Attack class: Whilst several people had solved the challenge,...
Read more →
Discovering a zero day and getting code execution on Mozilla’s AWS Network – Assetnote
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest....
Read more →
Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR)
This writeup walks you through the full process as to how I found a pretty bad Insecure Direct Object Reference...
Read more →
Hacking Starbucks and Accessing Nearly 100 Million Customer Records
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided...
Read more →
OWASP Chicago 2018 – Pentesting with Serverless Infrastructure
Slides Supplemental Serverless Toolkit available here: https://github.com/ropnop/serverless_toolkit Source link
Read more →