Response Shaping: How to Move from AI “Prompts” to AI Whispering
How to get consistently high-quality results from the AIs you interact with Created/Updated: March 20, 2023 Interacting with AI just became a critical skill. In…
Category: Mix
Hacking on Bug Bounties for a Living
Hacking on Bug Bounties for a Living Source link
What is bug bounty?
What is bug bounty? Source link
How do companies respond to 0days in 3rd party software?
How do companies respond to 0days in 3rd party software? Source link
There are better options for a privacy-respecting phone
Meet the new, better Apple. Here’s how to choose your phone and set it up. Whether you think the news of Apple scanning your private…
The Mr Robot “Hack Twitch” video
The Mr Robot “Hack Twitch” video Source link
The Best Bug Bounty Recon Methodology
My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still updated every year. There are…
Pre Auth Remote Command Execution (CVE-2022-36804) – Assetnote
Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can inspire us to dig deeper…
Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities
tl;dr ViewStates in JSF are serialized Java objects. If the used JSF implementation in a web application is not configured to encrypt the ViewState the…
Seguridad de iOS – Web View XSS – allysonomalley.com
Esta entrada se trata de una vulnerabilidad sencilla, pero peligrosa, que he visto en varias ocasiones. Creo que esta falla debería ser mas conocida –…
community/KCSA-CVE-2020-28914.md at main · kata-containers/community · GitHub
announcement-date: 2020-11-17 id: KCSA-CVE-2020-28914 title: Kata Containers Improper file permissions for read-only volumes description: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5.…
Exploiting WPAD with Burp Suite and the “HTTP Injector” extension | Agarri : Sécurité informatique offensive
Exploiting WPAD with Burp Suite and the “HTTP Injector” extension I went last week to the ASFWS conference (“Application Security Forum – Western Switzerland”) at…