Discovering the IP address of a WordPress site hidden behind Cloudflare
Cloudflare is a company that provides domain name (DNS) services, Distributed Denial of Service (DDoS) protection, and a content delivery network (CDN) to its customers.…
Category: Mix
NO. 375 | 6 Post-GPT Phases, Github’s Private Key, New Assistant Interfaces
Exploring the intersection of security, technology, and society—and what might be coming next… Standard Web Edition | Ep. 375 | March 27, 2023 Happy Monday!…
🔴 Live Video Editing: Beginners Bug Bounty, Where to Begin
🔴 Live Video Editing: Beginners Bug Bounty, Where to Begin Source link
How does the internet work?
How does the internet work? Source link
Saving time by automating bug bounty reports
Saving time by automating bug bounty reports Source link
Building in context | victoria.dev
The best laid plans are made better by staying close to context. It’s a comedy classic – you’ve got a grand idea. Maybe you want…
Essential Bug Bounty Books for Beginners and Pros
These bug bounty hunting books come recommended by top bug bounty hunters and hackers. Most of them cover web applications, other categories are mobile and…
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) – Assetnote
TL;DR Jira is vulnerable to SSRF which requires authentication to exploit. There are multiple ways to create user accounts on Jira in order to exploit…
How to configure Json.NET to create a vulnerable web API
tl;dr No, of course, you don’t want to create a vulnerable JSON API. So when using Json.NET: Don’t use another TypeNameHandling setting than the default:…
Binary Analysis and Debugging – allysonomalley.com
This post is the 4th and final part a series giving an overview of the most useful iOS app pentesting tools. We will start with…
GitLab – GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection
HackerOne bug report to GitLab: GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKER_AUTH_CONFIG build variable. Injected…
Q4-2022 API ThreatStats™ Report
We’re pleased to present the latest quarterly review and analysis of API vulnerabilities and exploits. This time, we’re going to split our discussion into two…