Deserialization in Perl v5.8 | Agarri : Sécurité informatique offensive
Deserialization in Perl v5.8 During a pentest, I found an application containing a form with a hidden parameter named “state”. Encoded as Base64, it contains…
Category: Mix
Predictions for 2023 from Latest API Threat Research
March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production…
Scanning for hardcoded secrets in source code | Security Simplified
Scanning for hardcoded secrets in source code | Security Simplified Source link
Clip: Subnets and Subnet Masks
Clip: Subnets and Subnet Masks Source link
[tl;dr sec] #171 – AppSec and CloudSec Resilience, Audit Logs Wall of Shame, Compromised Cloud to Kubernetes Takeover
Hey there, I hope you’ve been doing well! Bingo with Flair 97% of Bingo games in America happen in a retirement home (Source: I just…
Interview with a bounty hunter – “I made 10k$!” – Virdoex_Hunter
Interview with a bounty hunter – “I made 10k$!” – Virdoex_Hunter Source link
information disclosure of another company bug on video.
HackerOne disclosed a bug submitted by manish_adz: https://hackerone.com/reports/1886143 – Bounty: $500 Source link
Instagram App Access Token – These aren’t the access_tokens you’re looking for
In Facebook Graph API as defined by the developer documentation, there are several access tokens, to authenticate against various API endpoints. User Access Tokenmake requests…
Build, Break, and Hack WebSockets
Build, Break, and Hack WebSockets Source link
Is Apple deliberately killing our batteries?
Is Apple deliberately killing our batteries? Source link
Finding XSS on .apple.com and building a proof of concept to leak your PII information | by Sean (zseano)
Back in February of this year I hacked with members of BugBountyHunter.com on a public bug bounty program and we chose Apple as our target.…
Blind SQL Injection at fasteditor.hema.com | by Jonathan Bouman
Proof of concept. The username of the database user starts with ‘hema’. BackgroundThese days almost every website uses a database. A server application will formulate…