Razer started using Hacker0x01 today: hackerone.com/razer, pays: $100 min
What happens if we use our brain's 100% capacity
Via: https://twitter.com/cyanpiny/status/1175030939891712000
Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
https://hackerone.com/reports/630462
PuTTY (European Commission - DIGIT) disclosed on HackerOne: Heap...
## Summary:
There's no check in the `ssh1_login_process_queue` function when reading the `servkey` and `hostkey` lengths from the packet, which may cause a heap overflow.
Remote code execution may be possible.
##...
A Simple bypass of Registration Activation that Lead to many Bug
https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
Bug or Feature? GitHub Adventure #001
https://medium.com/oad-earth/bug-or-feature-github-adventure-001-eae9bea48ae8
Is OAuth GitHub really safe?
Facebook Workplace Privilege Escalation Vulnerability To Change The Post Privacy As Public
https://medium.com/@guhanraja/facebook-workplace-privilege-escalation-vulnerability-to-change-the-post-privacy-as-public-634f1c995780
Exploiting Cookie Based XSS by Finding RCE
https://medium.com/@mastomi/bug-bounty-exploiting-cookie-based-xss-by-finding-rce-a3e3e80041f3
When doing penetrating on this target, I collaborated with YoKo Kho to get the highest privileges. In this paper you may find a little…
Forwarded from Android Security & Malware
MobSF v2.0 released
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a...
WordPress Privilege Escalation from an Editor to Administrator
https://stazot.tk/wordpress-privilege-escalation-from-an-editor-to-administrator
Broken Link Hijacking - s3 buckets
https://tutorgeeks.blogspot.com/2019/09/broken-link-hijacking-s3-buckets.html
Huge list of companies with active bug bounties
https://www.hacks.icu/Thread-Huge-list-of-companies-with-active-bug-bounties?pid=2192
Andromeda - Interactive Reverse Engineering Tool for Android Applications
https://github.com/secrary/Andromeda
ONEPLUS XSS vulnerability in Customer Support Portal
https://medium.com/@tech96bot/oneplus-xss-vulnerability-in-customer-support-portal-d5887a7367f4
Building a fast modern web crawler
https://creekorful.me/building-fast-modern-web-crawler/
Building a fast modern dark web crawler :: Aloïs Micard
I have been passionate about web crawlers for a long time. I have written several in many languages such as C++, JavaScript (Node.JS), Python, … and I love the theory behind them.
But first of all, what is a web crawler?
What is a web crawler? A web crawler…
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
https://github.com/hisxo/gitGraber
Introducing Varanid.io! Varanid can monitor DNS records, SSL certificates, and any file changes, with support for beautiful email, Slack, and custom webhook notifications. Perfect for a professional and reliable monitoring setup.
Via: https://twitter.com/varanidio/status/1176506299732959235
YESWEHACK PROPHILE ON AK1T4
https://blog.yeswehack.com/2019/09/24/yeswehack-prophile-on-ak1t4/
We are moving towards a virtual society where the mind will be closer to the illusion than the plain reality (it's already happening)
vBulletin 5.x 0day pre-auth RCE exploit
https://seclists.org/fulldisclosure/2019/Sep/31