we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd’s program. we could show the traditional 49’ number when trying the ‘${7*7}’ command, also…
Advent of Cyber 2022: Day 16 SQLi’s the king, the carolers sing (Walkthrough) Source link
How They Got Hacked Episode Fifty Eight 58 Source link
An example use case of bbrf, here integrating with subfinder from projectdiscovery.io Like anyone involved in bug bounty hunting, I have encountered a number of…
Finding security vulnerabilities with GitHub’s new code search Source link
1 min read 💎 Cullinan :: Develop Elixir Cheatsheet HAHWUL in cullinan Source link
Let’s Recon With Vaibhav | Hacker2Hacker | #osint #bugbounty Source link
Leveraging Bug Bounties for Your Career | Panel Source link
HackerOne Live Hacking Events are back! We wrapped a tremendous year of events for 2022 where we saw some amazing success. Some of the most…
Finding IDORs with CODE REVIEWS! Source link
Google Cloud Platform (GCP) lets G Suite and Cloud Identity users create what are called “Organizations”. GCP organizations can be used to easily manage resources…
A good friend of mine and successful bug bounty hunter, Corben Leo, discussed in a blog post how he spotted an Express app from an…
