Category: Mix

How to turn bugs into a "passive" income stream! ft Detectify's Almroot
12
Mar
2023

How to turn bugs into a “passive” income stream! ft Detectify’s Almroot

How to turn bugs into a “passive” income stream! ft Detectify’s Almroot Source link

Share: X : How to turn bugs into a “passive” income stream! ft Detectify’s AlmrootFacebook : How to turn bugs into a “passive” income stream! ft Detectify’s AlmrootLinkedin : How to turn bugs into a “passive” income stream! ft Detectify’s AlmrootReddit : How to turn bugs into a “passive” income stream! ft Detectify’s AlmrootTelegram : How to turn bugs into a “passive” income stream! ft Detectify’s AlmrootWhatsApp : How to turn bugs into a “passive” income stream! ft Detectify’s AlmrootEmail : How to turn bugs into a “passive” income stream! ft Detectify’s Almroot
Zoom Whiteboard
12
Mar
2023

I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS

When is copy-paste payloads not self-XSS? When it’s stored XSS. Recently, I reviewed Zoom’s code to uncover an interesting attack…

Share: X : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSFacebook : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSLinkedin : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSReddit : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSTelegram : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSWhatsApp : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSSEmail : I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
vROps
12
Mar
2023

Pre-Authenticated RCE in VMWare vRealize Operations Manager

On May 27th, I reported a handful of security vulnerabilities to VMWare impacting their vRealize Operations Management Suite (vROps) appliance….

Share: X : Pre-Authenticated RCE in VMWare vRealize Operations ManagerFacebook : Pre-Authenticated RCE in VMWare vRealize Operations ManagerLinkedin : Pre-Authenticated RCE in VMWare vRealize Operations ManagerReddit : Pre-Authenticated RCE in VMWare vRealize Operations ManagerTelegram : Pre-Authenticated RCE in VMWare vRealize Operations ManagerWhatsApp : Pre-Authenticated RCE in VMWare vRealize Operations ManagerEmail : Pre-Authenticated RCE in VMWare vRealize Operations Manager
Finding Hidden Files and Folders on IIS using BigQuery – Assetnote
12
Mar
2023

Finding Hidden Files and Folders on IIS using BigQuery – Assetnote

  Motivations I recently made a video on how to find hidden files and folders on IIS through the use…

Share: X : Finding Hidden Files and Folders on IIS using BigQuery – AssetnoteFacebook : Finding Hidden Files and Folders on IIS using BigQuery – AssetnoteLinkedin : Finding Hidden Files and Folders on IIS using BigQuery – AssetnoteReddit : Finding Hidden Files and Folders on IIS using BigQuery – AssetnoteTelegram : Finding Hidden Files and Folders on IIS using BigQuery – AssetnoteWhatsApp : Finding Hidden Files and Folders on IIS using BigQuery – AssetnoteEmail : Finding Hidden Files and Folders on IIS using BigQuery – Assetnote
Don’t Reply: A Clever Phishing Method In Apple's Mail App
12
Mar
2023

Don’t Reply: A Clever Phishing Method In Apple’s Mail App

About four or five years ago, friend and fellow bug bounty hunter Sam Curry asked if I had “ever thought…

Share: X : Don’t Reply: A Clever Phishing Method In Apple’s Mail AppFacebook : Don’t Reply: A Clever Phishing Method In Apple’s Mail AppLinkedin : Don’t Reply: A Clever Phishing Method In Apple’s Mail AppReddit : Don’t Reply: A Clever Phishing Method In Apple’s Mail AppTelegram : Don’t Reply: A Clever Phishing Method In Apple’s Mail AppWhatsApp : Don’t Reply: A Clever Phishing Method In Apple’s Mail AppEmail : Don’t Reply: A Clever Phishing Method In Apple’s Mail App
Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
12
Mar
2023

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js “netlify-ipx” repository which would allow an…

Share: X : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibraryFacebook : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibraryLinkedin : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibraryReddit : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibraryTelegram : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibraryWhatsApp : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js LibraryEmail : Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library
ropnop blog
12
Mar
2023

ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns

ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns Source link

Share: X : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulnsFacebook : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulnsLinkedin : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulnsReddit : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulnsTelegram : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulnsWhatsApp : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulnsEmail : ChiBrrCon 2020: Don’t Cross Me! Same Origin Policy and all the “cross” vulns
[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan
12
Mar
2023

[Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan

During the process of testing GAE after reading this awesome blog post, I found a debug application in Google Cloud…

Share: X : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron ChanFacebook : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron ChanLinkedin : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron ChanReddit : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron ChanTelegram : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron ChanWhatsApp : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron ChanEmail : [Google VRP] SSRF in Google Cloud Platform StackDriver – Ron Chan
FROM 0 to $$$$ - MY BIGGEST BUG BOUNTY LEARNINGS!
12
Mar
2023

FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!

FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS! Source link

Share: X : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!Facebook : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!Linkedin : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!Reddit : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!Telegram : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!WhatsApp : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!Email : FROM 0 to $$$$ – MY BIGGEST BUG BOUNTY LEARNINGS!
Bountycon2020 Presentation | Richard’s Infosec blog
12
Mar
2023

Bountycon2020 Presentation | Richard’s Infosec blog

I was recently invited to present at BountyCon 2020. This was supposed to early March in Singapore where flights and…

Share: X : Bountycon2020 Presentation | Richard’s Infosec blogFacebook : Bountycon2020 Presentation | Richard’s Infosec blogLinkedin : Bountycon2020 Presentation | Richard’s Infosec blogReddit : Bountycon2020 Presentation | Richard’s Infosec blogTelegram : Bountycon2020 Presentation | Richard’s Infosec blogWhatsApp : Bountycon2020 Presentation | Richard’s Infosec blogEmail : Bountycon2020 Presentation | Richard’s Infosec blog
How to Spend Time Well, A Framework · rez0
12
Mar
2023

How to Spend Time Well, A Framework · rez0

For a healthy person in a first world country, the number of things we could do is near infinite. And…

Share: X : How to Spend Time Well, A Framework · rez0Facebook : How to Spend Time Well, A Framework · rez0Linkedin : How to Spend Time Well, A Framework · rez0Reddit : How to Spend Time Well, A Framework · rez0Telegram : How to Spend Time Well, A Framework · rez0WhatsApp : How to Spend Time Well, A Framework · rez0Email : How to Spend Time Well, A Framework · rez0
Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)
12
Mar
2023

Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)

Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide) Source link

Share: X : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)Facebook : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)Linkedin : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)Reddit : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)Telegram : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)WhatsApp : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)Email : Include This In Your Hacking Workflow by Continuous Monitoring with AuthoGraphQL (How-to guide)