What happens if we use our brain's 100% capacity
Via: https://twitter.com/cyanpiny/status/1175030939891712000
Via: https://twitter.com/cyanpiny/status/1175030939891712000
Heap overflow happen when receiving short length key from ssh server using ssh protocol 1
https://hackerone.com/reports/630462
https://hackerone.com/reports/630462
HackerOne
PuTTY (European Commission - DIGIT) disclosed on HackerOne: Heap...
## Summary:
There's no check in `ssh1_login_process_queue` function when read `servkey` and `hostkey` length from packet which may cause heap overflow.
Remote code execution may be possible.
##...
There's no check in `ssh1_login_process_queue` function when read `servkey` and `hostkey` length from packet which may cause heap overflow.
Remote code execution may be possible.
##...
A Simple bypass of Registration Activation that Lead to many Bug -
https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
Bug or Feature? GitHub Adventure #001
https://medium.com/oad-earth/bug-or-feature-github-adventure-001-eae9bea48ae8
https://medium.com/oad-earth/bug-or-feature-github-adventure-001-eae9bea48ae8
Medium
Bug or Feature? GitHub Adventure #001
Is OAuth GitHub really safe?
A Simple bypass of Registration Activation that Lead to many Bug
https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
Facebook Workplace Privilege Escalation Vulnerability To Change The Post Privacy As Public
https://medium.com/@guhanraja/facebook-workplace-privilege-escalation-vulnerability-to-change-the-post-privacy-as-public-634f1c995780
https://medium.com/@guhanraja/facebook-workplace-privilege-escalation-vulnerability-to-change-the-post-privacy-as-public-634f1c995780
Medium
Facebook Workplace Privilege Escalation Vulnerability To Change The Post Privacy As Public
Hi hello everyone, This is Guhan Raja
Exploiting Cookie Based XSS by Finding RCE
https://medium.com/@mastomi/bug-bounty-exploiting-cookie-based-xss-by-finding-rce-a3e3e80041f3
https://medium.com/@mastomi/bug-bounty-exploiting-cookie-based-xss-by-finding-rce-a3e3e80041f3
Medium
[Bug Bounty] Exploiting Cookie Based XSS by Finding RCE
When doing penetrating on this target, I collaborated with YoKo Kho to get the highest privileges. In this paper you may find a little…
Forwarded from Android Security & Malware
MobSF v2.0 released
https://github.com/MobSF/Mobile-Security-Framework-MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
GitHub
GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application…
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a...
WordPress Privilege Escalation from an Editor to Administrator
https://stazot.tk/wordpress-privilege-escalation-from-an-editor-to-administrator
https://stazot.tk/wordpress-privilege-escalation-from-an-editor-to-administrator
Broken Link Hijacking - s3 buckets
https://tutorgeeks.blogspot.com/2019/09/broken-link-hijacking-s3-buckets.html
https://tutorgeeks.blogspot.com/2019/09/broken-link-hijacking-s3-buckets.html
Blogspot
Broken Link Hijacking - s3 buckets
Tutorgeeks hackerone bugcrowd proof of concept cobalt vulnerabilities bug bounty security penetration testing technology evangelist red team synack
Huge list of companies with active bug bounties
https://www.hacks.icu/Thread-Huge-list-of-companies-with-active-bug-bounties?pid=2192
https://www.hacks.icu/Thread-Huge-list-of-companies-with-active-bug-bounties?pid=2192
Andromeda
Andromeda - Interactive Reverse Engineering Tool for Android Applications
https://github.com/secrary/Andromeda
Andromeda - Interactive Reverse Engineering Tool for Android Applications
https://github.com/secrary/Andromeda
GitHub
GitHub - secrary/Andromeda: Andromeda - Interactive Reverse Engineering Tool for Android Applications
Andromeda - Interactive Reverse Engineering Tool for Android Applications - secrary/Andromeda
ONEPLUS XSS vulnerability in Customer Support Portal
https://medium.com/@tech96bot/oneplus-xss-vulnerability-in-customer-support-portal-d5887a7367f4
https://medium.com/@tech96bot/oneplus-xss-vulnerability-in-customer-support-portal-d5887a7367f4
Building a fast modern web crawler
https://creekorful.me/building-fast-modern-web-crawler/
https://creekorful.me/building-fast-modern-web-crawler/
Building a fast modern dark web crawler
Building a fast modern dark web crawler :: Aloïs Micard
I have been passionated by web crawler for a long time. I have written several one in many languages such as C++, JavaScript (Node.JS), Python, … and I love the theory behind them.
But first of all, what is a web crawler?
What is a web crawler? A web crawler…
But first of all, what is a web crawler?
What is a web crawler? A web crawler…
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
https://github.com/hisxo/gitGraber
https://github.com/hisxo/gitGraber
GitHub
GitHub - hisxo/gitGraber: gitGraber: monitor GitHub to search and find sensitive data in real time for different online services…
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe... - hisxo...
Introducing Varanid.io! Varanid can monitor DNS records, SSL certificates, and any file changes, with support for beautiful email, Slack, and custom webhook notifications. Perfect for a professional and reliable monitoring setup.
Via: https://twitter.com/varanidio/status/1176506299732959235
Via: https://twitter.com/varanidio/status/1176506299732959235
YESWEHACK PROPHILE ON AK1T4
https://blog.yeswehack.com/2019/09/24/yeswehack-prophile-on-ak1t4/
https://blog.yeswehack.com/2019/09/24/yeswehack-prophile-on-ak1t4/
Global Bug Bounty Platform
YESWEHACK PROPHILE ON Ak1t4 - Global Bug Bounty Platform
We are moving towards a virtual society where the mind will be more closer to the illusion than the plain reality ( it's already happening )
vBulletin 5.x 0day pre-auth RCE exploit
https://seclists.org/fulldisclosure/2019/Sep/31
https://seclists.org/fulldisclosure/2019/Sep/31
seclists.org
Full Disclosure: vBulletin 5.x 0day pre-auth RCE exploit
XSS and Open Redirect on MoPub Login
https://hackerone.com/reports/683298
https://hackerone.com/reports/683298
HackerOne
X / xAI disclosed on HackerOne: XSS and Open Redirect on MoPub Login
Very simple open redirect made more impactful by the lack of filtering javascript URIs. Thanks again to the Twitter team for a quick response/bounty!
The return of the <
https://hackerone.com/reports/639684
https://hackerone.com/reports/639684
HackerOne
Rockstar Games disclosed on HackerOne: The return of the <
In this report, the researcher was able to demonstrate a Stored XSS vulnerability in our Message system on the Social Club website. By taking advantage of the fact that '<' characters are...