RCE in Avaya Aura Device Services – Assetnote
For those who haven’t had the pleasure, Avaya Aura is a (rather complicated) platform for managing IP phones. Today we’re going to be looking at…
Intro: Many of you may never have heard of the Java-based JSON serialization library called Fastjson, although it’s quite an interesting piece of software.…
Whether you’re a pentester looking to gain some experience in mobile hacking or a developer aiming to build secure apps, familiarizing yourself with some of…
GitLab AMA – Bug Bounty with Alex Chapman
Deserialization in Perl v5.8: During a pentest, I found an application containing a form with a hidden parameter named “state”. Encoded as Base64, it contains…
March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production…
Scanning for hardcoded secrets in source code | Security Simplified
Clip: Subnets and Subnet Masks
Hey there, I hope you’ve been doing well! Bingo with Flair 97% of Bingo games in America happen in a retirement home (Source: I just…
Interview with a bounty hunter – “I made 10k$!” – Virdoex_Hunter
HackerOne disclosed a bug submitted by manish_adz: https://hackerone.com/reports/1886143 – Bounty: $500
In the Facebook Graph API, as defined by the developer documentation, there are several access tokens to authenticate against various API endpoints. User Access Token: make requests…