Category: Mix

Capture the flag events are particular fun events done to challenge people and get people to really think about the…

Easy Bugs for Hard Cash Continue reading on Medium » Source link

Q: How to write a BUG BOUNTY report that actually gets paid? Source link

While browsing a SharePoint instance recently, I came across an interesting URL in the form https:///_layouts/FormServer.aspx?XsnLocation=https:///resource/Forms/template.xsn. The page itself displayed…

This year I released a challenge for the Full Stack Web Attack class: Whilst several people had solved the challenge,…

When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest….

This writeup walks you through the full process as to how I found a pretty bad Insecure Direct Object Reference…

After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided…

Slides Supplemental Serverless Toolkit available here: https://github.com/ropnop/serverless_toolkit Source link

From time to time we see postMessage bug in H1 hacktivity, some write ups mentioning the word postMessage, but do…

INTERVIEW WITH @_BASE_64 : 19 Y/o | TOP 150 WORLDWIDE on H1 | METHODOLOGY, MINDSET & MORE… Source link

I quite enjoy external Pentest, especially when the scope is large. There has been some really interesting stuff I have…