How I hacked Google’s bug tracking system itself for $15,600 in bounties
Easy Bugs for Hard Cash Continue reading on Medium » Source link
Latest Cybersecurity News — Page 5966
View all →
Q: How to write a BUG BOUNTY report that actually gets paid?
Q: How to write a BUG BOUNTY report that actually gets paid? Source link
Embedding Payloads and Bypassing Controls in Microsoft InfoPath
While browsing a SharePoint instance recently, I came across an interesting URL in the form https:///_layouts/FormServer.aspx?XsnLocation=https:///resource/Forms/template.xsn. The page itself displayed a web form that submitted…
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm…
Full Stack Web Attack 2021 :: Zero Day Give Away
This year I released a challenge for the Full Stack Web Attack class: Whilst several people had solved the challenge, no one seemed to have…
Discovering a zero day and getting code execution on Mozilla’s AWS Network – Assetnote
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest. WebPageTest is a website performance…
Get as image function pulls any Insights/NRQL data from any New Relic account (IDOR)
This writeup walks you through the full process as to how I found a pretty bad Insecure Direct Object Reference (IDOR) in New Relic. In…
Hacking Starbucks and Accessing Nearly 100 Million Customer Records
After a long day of trying and failing to find vulnerabilities on the Verizon Media bug bounty program I decided to call it quits and…
OWASP Chicago 2018 – Pentesting with Serverless Infrastructure
Slides Supplemental Serverless Toolkit available here: https://github.com/ropnop/serverless_toolkit Source link
The Mystery of postMessage – Ron Chan
From time to time we see postMessage bug in H1 hacktivity, some write ups mentioning the word postMessage, but do you really know what is…
I Got Investigated by the Secret Service. Here’s How to Not Be Me
Unfortunately, my thought process wasn’t that complex when I suddenly had to talk to a federal agent on my phone about what I’d posted to…
Microsoft Outlook Vulnerability Actively Exploited
Recently, Microsoft released a series of patches to address around 80 security vulnerabilities, including two zero-day exploits. One of the critical zero-day exploits, CVE-2023-23397, is…