Build, Break, and Hack WebSockets
Build, Break, and Hack WebSockets Source link
Category: Mix
Is Apple deliberately killing our batteries?
Is Apple deliberately killing our batteries? Source link
Finding XSS on .apple.com and building a proof of concept to leak your PII information | by Sean (zseano)
Back in February of this year I hacked with members of BugBountyHunter.com on a public bug bounty program and we chose Apple as our target.…
Blind SQL Injection at fasteditor.hema.com | by Jonathan Bouman
Proof of concept. The username of the database user starts with ‘hema’. BackgroundThese days almost every website uses a database. A server application will formulate…
Discovering a 16 Million Download/Week Node.js Package Zero Day for a Capture the Flag Challenge
GovTech’s Cyber Security Group recently organised the STACK the Flags Cybersecurity Capture-the-Flag (CTF) competition from 4th to 6th December 2020. For the web domain, my…
The $16,000 Dev Mistake. Hello all! | by Daniel Marte
Hello all! Its been a while since my last write up. As a-lot of you know, last year I joined the Bugcrowd team as an…
Eliminating Authorization Vulnerabilities with Dacquiri | by d0nut
Over the last year I’ve taken a step away from my usual bug bounty work to focus more on building resync — my continuous reconnaissance…
Hacking Pulse Secure for Redteaming
This write-up is the collective efforts of collaborating with various hackers on exploring and furthering research that was presented by Orange Tsai (orange_8361) and Meh…
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
The Story of a Novel Supply Chain Attack Continue reading on Medium » Source link
How to turn bugs into a “passive” income stream! ft Detectify’s Almroot
How to turn bugs into a “passive” income stream! ft Detectify’s Almroot Source link
I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
When is copy-paste payloads not self-XSS? When it’s stored XSS. Recently, I reviewed Zoom’s code to uncover an interesting attack vector. Along the way, I…
Pre-Authenticated RCE in VMWare vRealize Operations Manager
On May 27th, I reported a handful of security vulnerabilities to VMWare impacting their vRealize Operations Management Suite (vROps) appliance. In this blog post I…