The feature works as intended, but what’s in the source? | by Sean (zseano)
This is another bug that was right in front of everyone because if you didn’t purposely look for it you’d never realise personal information was…
Category: Mix
Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com | by Jonathan Bouman
Proof of concept Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me:…
Better Exfiltration via HTML Injection | by d0nut
I used Google Drawings and there’s no shame in that This is a story about how I (re)discovered an exploitation technique and took a bug…
Q: HOW do you get started in bug bounty?? How do you build your automation?!
Q: HOW do you get started in bug bounty?? How do you build your automation?! Source link
Down the Rabbit Hole: Unusual Applications of OpenAI in Cybersecurity Tooling
Note: This is the blogpost version of a talk I gave to the National University of Singapore Greyhats club. If you prefer video, you can…
Abusing URL Shortners to discover sensitive resources or assets
September 22, 2015 · websec bruteforce As of late, a fair few companies and startups have been using dedicated URL shortner services to use for…
Exploiting Null Byte Buffer Overflow for a ,000 bounty
As a preface, when I originally found this bug I was unfamiliar the class of “null byte buffer overflow” even existed. I was simply fuzzing…
Thotcon 2018 – Fun With LDAP, Kerberos (and MSRPC) in AD Environments
Slides Supplemental The original (large) PowerPoint wih all embedded GIFs/Videos: https://1drv.ms/p/s!Aq5mEA03Lijrg9h-hsezBkUC5qwXag Source link
One More Thing to Check for SSO – Flickr ATO – Ron Chan
I have something that is worth sharing when you are testing for SSO system. Hope you can learn something new after reading this blog post.…
No BS Guide – ADVANCED BURP (FREE) TRICKS FOR BUG BOUNTY
No BS Guide – ADVANCED BURP (FREE) TRICKS FOR BUG BOUNTY Source link
Payment bypass via parameter tampering
I was recently testing a checkout payment system. It was the type of setup where everything seemed to be locked down and I had no…
How to get setup to create awesome AI art · rez0
Generating hacker art via AI has been a passion of mine for a few months. I was accepted into DALL·E 2’s Beta pretty early. I…