Eliminating Authorization Vulnerabilities with Dacquiri | by d0nut
Over the last year I’ve taken a step away from my usual bug bounty work to focus more on building...
Read more →Category: Mix
Hacking Pulse Secure for Redteaming
This write-up is the collective efforts of collaborating with various hackers on exploring and furthering research that was presented by...
Read more →
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
The Story of a Novel Supply Chain Attack Continue reading on Medium » Source link
Read more →
How to turn bugs into a “passive” income stream! ft Detectify’s Almroot
How to turn bugs into a “passive” income stream! ft Detectify’s Almroot Source link
Read more →
I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
When is copy-paste payloads not self-XSS? When it’s stored XSS. Recently, I reviewed Zoom’s code to uncover an interesting attack...
Read more →
Pre-Authenticated RCE in VMWare vRealize Operations Manager
On May 27th, I reported a handful of security vulnerabilities to VMWare impacting their vRealize Operations Management Suite (vROps) appliance....
Read more →
Finding Hidden Files and Folders on IIS using BigQuery – Assetnote
Motivations I recently made a video on how to find hidden files and folders on IIS through the use...
Read more →
Don’t Reply: A Clever Phishing Method In Apple’s Mail App
About four or five years ago, friend and fellow bug bounty hunter Sam Curry asked if I had “ever thought...
Read more →
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an...
Read more →
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns Source link
Read more →![[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan](https://cybernoz.com/wp-content/uploads/2023/03/Google-VRP-SSRF-in-Google-Cloud-Platform-StackDriver-–-Ron.png "[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan 22")
[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan
During the process of testing GAE after reading this awesome blog post, I found a debug application in Google Cloud...
Read more →
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS! Source link
Read more →