We reached 5000 followers!!! 👏🏻👏🏻👏🏻
Thank you so much to everyone for the support!! 😊🙏🏻
Keep hacking, keep writing, keep sharing and keep supporting!
#bugbounty community ❤️
Happy hunting!
https://twitter.com/tbbhunter/status/1417161268654452748
A collection of hacker tools using HackerOne's API @Hacker0x01
https://github.com/Hacker0x01/awesome-hacker-api-tools
GitHub
GitHub - Hacker0x01/awesome-hacker-api-tools: A collection of hacker tools using HackerOne's API
Pentesting iOS| Starting With iOS Emulator Corellium & Re-signing IPA
https://justm0rph3u5.medium.com/pentesting-ios-starting-with-ios-emulator-corellium-re-signing-ipa-9ce3cbd19721
Medium
Corellium provided virtual iOS-based devices for individual accounts on our groundbreaking security research platform, CORSEC. Corellium’s…
A hackers perspective on bug bounty triage
https://shubs.io/a-hackers-perspective-on-bug-bounty-triage/
shubs
In the last few days, I have been able to have productive conversations with my peers in the bug bounty community including Patrik who works on the triage team and Luke who leads community efforts from HackerOne. Patrik has helped clear up misconceptions…
pam_ussh does not properly validate the SSH certificate authority
https://hackerone.com/reports/1177356
HackerOne
Uber disclosed on HackerOne: pam_ussh does not properly validate...
The pam_ussh module that Uber open-sourced in https://github.com/uber/pam-ussh does not validate that the SSH certificate presented by a user is actually signed by a trusted CA listed in the...
How to Use HackerOne and PagerDuty to Identify When Vulnerabilities Need Action
https://www.hackerone.com/blog/hackerone-and-pagerduty-partner-identify-when-vulnerabilities-need-action
HackerOne
HackerOne and PagerDuty have partnered to create a workflow automation integration that feeds critical and high severity vulnerability findings into PagerDuty alerts to notify security teams and take timely action immediately. How Does the Integration Work? When…
Interview: Patchstack’s Oliver Sild on securing WordPress, one plugin vulnerability at a time
https://portswigger.net/daily-swig/interview-patchstacks-oliver-sild-on-securing-wordpress-one-plugin-vulnerability-at-a-time
How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools
https://orwaatyat.medium.com/how-i-found-multiple-bugs-on-facebook-in-1-month-and-a-part-for-my-methodology-tools-58a677a9040c
Medium
Hey Hunters, Hello Infosec Community
New version of Gotator: v1.1. This version adds new flags (mindup and adv), improves results and reduces the number of duplicates.
https://github.com/Josue87/gotator
GitHub
GitHub - Josue87/gotator: Gotator is a tool to generate DNS wordlists through permutations.
How I found a bug in Apple within just in 5min
https://medium.com/pentesternepal/how-i-found-a-bug-in-apple-within-just-in-5min-d7357237d7a0
Medium
Summary: I discovered a Cross-site Scripting (XSS) vulnerability in one of Apple's acquisition sites, Filemaker.com
Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth
https://haxolot.com/posts/2021/moodle_pre_auth_shibboleth_rce_part1/
Haxolot
Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth Module
It was found that the Shibboleth authentication module of Moodle suffers from a beautiful Remote Code Execution vulnerability from the unauthenticated perspective. This is widely used among universities to allow students from one university to authenticate…
Gaining Access To GCP Of Google Stadia
https://medium.com/@sebastien.kaul/gaining-access-to-gcp-of-google-stadia-500-bounty-22f76ecc8e60
Medium
Gaining Access To GCP Of Google Stadia — 500$ Bounty
Learning machine authentication, finding a needle and gaining access to the Google Cloud project of Google Stadia.
Chaining Open Redirect with XSS to Account Takeover
https://radianid.medium.com/chaining-open-redirect-with-xss-to-account-takeover-36acf218a6d5
Medium
Hello everyone, I hope you are well. In this article I will show you how I escalated XSS to Account Takeover. Since the target is private…
Facebook Vulnerability: Expose Group Member — $3000
https://medium.com/@muhammadsholikhin/facebook-vulnerability-expose-group-member-3000-cca809a53f6b
Medium
The issue is an Insecure Direct Object Reference whose impact is that a malicious user can expose or determine the members of a closed group. But the issue has limits…
How I Lost the SecurityTrails #ReconMaster Contest, and How You Can Win: Edge-Case Recon Ideas
https://securitytrails.com/blog/how-i-lost-the-securitytrails-reconmaster-contest
Securitytrails
SecurityTrails | How I lost the SecurityTrails #ReconMaster contest, and how you can win: Edge-case recon ideas
A while back, SecurityTrails announced that they would be running a contest dubbed 'Recon Master'. The aim of the game is to find hostnames that resolve to an IPv4 address that are not already found by SecurityTrails
Forwarded from Android Security & Malware
XXE in Public Transport Ticketing Mobile APP
https://blog.niksthehacker.com/xxe-in-public-transport-ticketing-mobile-app-81ae245c01a1
Medium
This finding was from another private bug bounty program. The scope of the target was a ticketing Android app (Prod). This app was a major…
Bug Bounty Stories #1: Tale of CSP bypass in an electron app!
https://securitygoat.medium.com/bug-bounty-stories-1-tale-of-csp-bypass-in-an-electron-app-f669f6ecefc9
Medium
Talking of a bug I found a long time back which led to the bypassing of CSP in an electron app :)