What’s the most profitable bug bounty Michael has reported?
XSS is all about practice. It requires a lot of time to print in the mind all vectors, payloads and tricks at our disposal. There…
I recently participated in the NahamCon CTF with the team Hacking for Soju. I was unable to complete this challenge before the end of the…
Simplify your task management strategy with my favorite hardware: paper. Coding up a to-do app may be the Hello, World of every framework, but when…
Alfred WebApp Payloads Demo (XSS & Reverse Shell Payloads!)
A centralized way to consume your information security news, with a focus on web application security. Save time and effort, because keeping up-to-date shouldn’t be…
At Assetnote, we often audit enterprise software source code to discover pre-authentication vulnerabilities. Yellowfin BI had significance to us because it is a popular analytics…
Summary This blog post is a reminder that you should make sure that all your builds in the Java ecosystem access the artifact repositories (e.g.…
I’ve been working on a few small projects while learning Go, and this one turned out to be useful enough that I thought I’d go…
Adam Bannister 09 February 2021 at 12:47 UTC Updated: 09 February 2021 at 12:59 UTC ‘An odd one, impact wise’ A vulnerability in a Docker…
AMF parsing and XXE I recently played with two libraries parsing the AMF (aka Action Message Format) binary format: BlazeDS and PyAMF. Both libraries were…
In 2022, the Wallarm Threat Research team went through almost 350,000 reports to find 650 API-specific vulnerabilities, and tracked 115 published exploits impacting these vulnerabilities…