Q: HOW do you get started in bug bounty?? How do you build your automation?!
Q: HOW do you get started in bug bounty?? How do you build your automation?! Source link
Category: Mix
Down the Rabbit Hole: Unusual Applications of OpenAI in Cybersecurity Tooling
Note: This is the blogpost version of a talk I gave to the National University of Singapore Greyhats club. If you prefer video, you can…
Abusing URL Shortners to discover sensitive resources or assets
September 22, 2015 · websec bruteforce As of late, a fair few companies and startups have been using dedicated URL shortner services to use for…
Exploiting Null Byte Buffer Overflow for a ,000 bounty
As a preface, when I originally found this bug I was unfamiliar the class of “null byte buffer overflow” even existed. I was simply fuzzing…
Thotcon 2018 – Fun With LDAP, Kerberos (and MSRPC) in AD Environments
Slides Supplemental The original (large) PowerPoint wih all embedded GIFs/Videos: https://1drv.ms/p/s!Aq5mEA03Lijrg9h-hsezBkUC5qwXag Source link
One More Thing to Check for SSO – Flickr ATO – Ron Chan
I have something that is worth sharing when you are testing for SSO system. Hope you can learn something new after reading this blog post.…
No BS Guide – ADVANCED BURP (FREE) TRICKS FOR BUG BOUNTY
No BS Guide – ADVANCED BURP (FREE) TRICKS FOR BUG BOUNTY Source link
Payment bypass via parameter tampering
I was recently testing a checkout payment system. It was the type of setup where everything seemed to be locked down and I had no…
How to get setup to create awesome AI art · rez0
Generating hacker art via AI has been a passion of mine for a few months. I was accepted into DALL·E 2’s Beta pretty early. I…
Finding DOMXSS with DevTools | Untrusted Types Chrome Extension
Finding DOMXSS with DevTools | Untrusted Types Chrome Extension Source link
About a Sucuri RCE…and How Not to Handle Bug Bounty Reports – RCE Security
TL;DR Sucuri is a self-proclaimed “most recommended website security service among web professionals” offering protection, monitoring and malware removal services. They ran a Bug Bounty…
Broken Access Control – Lab #9 UID controlled by param with data leakage in redirect | Long Version
Broken Access Control – Lab #9 UID controlled by param with data leakage in redirect | Long Version Source link