Category: Mix

Amazon SNS A2A Fanout Pattern
16
Mar
2023

Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl

Note: This is the “text notes” version of my DEF CON 30 Cloud Village Lightning Talk. The talk was not…

Share: X : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlFacebook : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlLinkedin : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlReddit : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlTelegram : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlWhatsApp : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrlEmail : Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl
For the better right
16
Mar
2023

Unauthenticated Remote Code Execution against CommVault Command Center

When Justin Kennedy and Brandon Perry asked me if I was interested in performing a little audit together, I couldn’t…

Share: X : Unauthenticated Remote Code Execution against CommVault Command CenterFacebook : Unauthenticated Remote Code Execution against CommVault Command CenterLinkedin : Unauthenticated Remote Code Execution against CommVault Command CenterReddit : Unauthenticated Remote Code Execution against CommVault Command CenterTelegram : Unauthenticated Remote Code Execution against CommVault Command CenterWhatsApp : Unauthenticated Remote Code Execution against CommVault Command CenterEmail : Unauthenticated Remote Code Execution against CommVault Command Center
Expanding the Attack Surface: React Native Android Applications
16
Mar
2023

Expanding the Attack Surface: React Native Android Applications

window.location.replace(“https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/”); You can find this blog post on Assetnote’s blog. Source link

Share: X : Expanding the Attack Surface: React Native Android ApplicationsFacebook : Expanding the Attack Surface: React Native Android ApplicationsLinkedin : Expanding the Attack Surface: React Native Android ApplicationsReddit : Expanding the Attack Surface: React Native Android ApplicationsTelegram : Expanding the Attack Surface: React Native Android ApplicationsWhatsApp : Expanding the Attack Surface: React Native Android ApplicationsEmail : Expanding the Attack Surface: React Native Android Applications
Using Burp Suite match and replace settings to escalate your user privileges and find hidden features
16
Mar
2023

Using Burp Suite match and replace settings to escalate your user privileges and find hidden features

On May 14th, Lew Cirne, the CEO of New Relic, announced a new platform called New Relic One. The platform,…

Share: X : Using Burp Suite match and replace settings to escalate your user privileges and find hidden featuresFacebook : Using Burp Suite match and replace settings to escalate your user privileges and find hidden featuresLinkedin : Using Burp Suite match and replace settings to escalate your user privileges and find hidden featuresReddit : Using Burp Suite match and replace settings to escalate your user privileges and find hidden featuresTelegram : Using Burp Suite match and replace settings to escalate your user privileges and find hidden featuresWhatsApp : Using Burp Suite match and replace settings to escalate your user privileges and find hidden featuresEmail : Using Burp Suite match and replace settings to escalate your user privileges and find hidden features
Hacking Chess.com and Accessing 50 Million Customer Records
16
Mar
2023

Hacking Chess.com and Accessing 50 Million Customer Records

To preface: the bug we found here is really simple. The interesting thing here is the impact of the vulnerability…

Share: X : Hacking Chess.com and Accessing 50 Million Customer RecordsFacebook : Hacking Chess.com and Accessing 50 Million Customer RecordsLinkedin : Hacking Chess.com and Accessing 50 Million Customer RecordsReddit : Hacking Chess.com and Accessing 50 Million Customer RecordsTelegram : Hacking Chess.com and Accessing 50 Million Customer RecordsWhatsApp : Hacking Chess.com and Accessing 50 Million Customer RecordsEmail : Hacking Chess.com and Accessing 50 Million Customer Records
ropnop blog
16
Mar
2023

Troopers 2019: Fun With LDAP and Kerberos

Recording Slides Source link

Share: X : Troopers 2019: Fun With LDAP and KerberosFacebook : Troopers 2019: Fun With LDAP and KerberosLinkedin : Troopers 2019: Fun With LDAP and KerberosReddit : Troopers 2019: Fun With LDAP and KerberosTelegram : Troopers 2019: Fun With LDAP and KerberosWhatsApp : Troopers 2019: Fun With LDAP and KerberosEmail : Troopers 2019: Fun With LDAP and Kerberos
Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron Chan
16
Mar
2023

Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron Chan

Uber is built on a bunch of microservices, naturally, if you want to interact with microservice, you may want to…

Share: X : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron ChanFacebook : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron ChanLinkedin : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron ChanReddit : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron ChanTelegram : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron ChanWhatsApp : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron ChanEmail : Old but GOLD Dot Dot Slash to Get the Flag — Uber Microservice – Ron Chan
INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE...
15
Mar
2023

INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…

INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE… Source link

Share: X : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…Facebook : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…Linkedin : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…Reddit : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…Telegram : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…WhatsApp : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…Email : INTERVIEW w @SherlockSecure : TOP 15 on GITHUB | TOP 400 on BC | APPROACH, MINDSET & MORE…
Hacking Razer Pay Ewallet App
15
Mar
2023

Hacking Razer Pay Ewallet App

Introduction This write-up is about hacking the Razer Pay Android app – an E-Wallet app used in Singapore and Malaysia….

Share: X : Hacking Razer Pay Ewallet AppFacebook : Hacking Razer Pay Ewallet AppLinkedin : Hacking Razer Pay Ewallet AppReddit : Hacking Razer Pay Ewallet AppTelegram : Hacking Razer Pay Ewallet AppWhatsApp : Hacking Razer Pay Ewallet AppEmail : Hacking Razer Pay Ewallet App
Ideal Tasks and Use-Cases · rez0
15
Mar
2023

Ideal Tasks and Use-Cases · rez0

I’ve been using ChatGPT for lots of hacking or engineering tasks. It’s extremely useful and much faster than executing on…

Share: X : Ideal Tasks and Use-Cases · rez0Facebook : Ideal Tasks and Use-Cases · rez0Linkedin : Ideal Tasks and Use-Cases · rez0Reddit : Ideal Tasks and Use-Cases · rez0Telegram : Ideal Tasks and Use-Cases · rez0WhatsApp : Ideal Tasks and Use-Cases · rez0Email : Ideal Tasks and Use-Cases · rez0
Automating Permission Checks Using OpenAPI Security Scanner?
15
Mar
2023

Automating Permission Checks Using OpenAPI Security Scanner?

Automating Permission Checks Using OpenAPI Security Scanner? Source link

Share: X : Automating Permission Checks Using OpenAPI Security Scanner?Facebook : Automating Permission Checks Using OpenAPI Security Scanner?Linkedin : Automating Permission Checks Using OpenAPI Security Scanner?Reddit : Automating Permission Checks Using OpenAPI Security Scanner?Telegram : Automating Permission Checks Using OpenAPI Security Scanner?WhatsApp : Automating Permission Checks Using OpenAPI Security Scanner?Email : Automating Permission Checks Using OpenAPI Security Scanner?
netcup-xss
15
Mar
2023

AWAE Course and OSWE Exam Review – RCE Security

This is a review of the Advanced Web Attacks and Exploitation (WEB-300) course and its OSWE exam by Offensive-Security. I’ve…

Share: X : AWAE Course and OSWE Exam Review – RCE SecurityFacebook : AWAE Course and OSWE Exam Review – RCE SecurityLinkedin : AWAE Course and OSWE Exam Review – RCE SecurityReddit : AWAE Course and OSWE Exam Review – RCE SecurityTelegram : AWAE Course and OSWE Exam Review – RCE SecurityWhatsApp : AWAE Course and OSWE Exam Review – RCE SecurityEmail : AWAE Course and OSWE Exam Review – RCE Security