How to turn bugs into a “passive” income stream! ft Detectify’s Almroot
When are copy-paste payloads not self-XSS? When it’s stored XSS. Recently, I reviewed Zoom’s code to uncover an interesting attack vector. Along the way, I…
On May 27th, I reported a handful of security vulnerabilities to VMware impacting their vRealize Operations Management Suite (vROps) appliance. In this blog post I…
Motivations: I recently made a video on how to find hidden files and folders on IIS through the use of IIS Shortname Scanner. Using…
About four or five years ago, friend and fellow bug bounty hunter Sam Curry asked if I had “ever thought about what was possible to…
Overview: On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an attacker to achieve persistent cross-site…
ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns
During the process of testing GAE after reading this awesome blog post, I found a debug application in Google Cloud Platform Stackdriver, user can debug…
FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!
I was recently invited to present at BountyCon 2020. This was supposed to be in early March in Singapore where flights and accommodations were all provided for.…
For a healthy person in a first world country, the number of things we could do is near infinite. And yet, everyone spends 90% of…
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)