I've published some work regarding Git security 🥳 It discusses the burying of repos within repos, exploiting IDEs (by opening a directory), shell prompts (by cd'ing into a directory) and Git pillaging tools (pwn the attacker who tries to steal your .git) github.com/justinsteven/a…

Hey Facebook Security how do you suppose that the researchers will report vulnerabilities to BB if the submit requires an fb account, that you suspend during creation? Don't you think in case of any critical vulnerabilities, the time of communication with support will be expensive?

Open redirect vulnerability and how to use it "correctly" in bug bounty 🙃 link.medium.com/ftOSGKkZtqb

Really nice swag arrived! Thanks New Relic for this gifts, I appreciate it!

It has been a while since my last blog post. Today I'm starting a new blog series about smart contracts security. It's going to be fun! This is my first blog of the series, Price manipulation in EVM chains. ngailong.com/smart-contract…

For the last six months I have been researching Github Actions and not only, here you can find my notes✌️github.com/0xn3va/cheat-s… 0xn3va.gitbook.io/cheat-sheets/

[3️⃣] JWT Cheatsheet by @0x_n3va This cheatsheet is so incredibly complete 🤯 It covers EVERYTHING there is to know about JWT tokens! Reading through this will help you master the topic for sure! 💪 👇 0xn3va.gitbook.io/cheat-sheets/w…

We found a way to disclose organization's secrets in GitHub and got access to part of GitHub itself. Checkout the blog: ophionsecurity.com/blog/access-or… #BugBounty #Vulnerability

I've updated my GitHub Actions security cheat sheets and added new cases that could lead to serious vulnerabilities, enjoy! 0xn3va.gitbook.io/cheat-sheets/c… github.com/0xn3va/cheat-s…

How do static analysis tools detect vulnerabilities in software? Learn more about the fundamentals of static analysis and security research, and challenge yourself with exercises in the first part of CodeQL Zero to Hero series by /* BlazingWind */ github.blog/2023-03-31-cod…

Published a write-up about the vulnerability which could expose the access token of GitHub Staff. blog.ryotak.net/post/github-ac…

I completely updated Content Security Policy (CSP) Cheat Sheet, check it out 0xn3va.gitbook.io/cheat-sheets/w… Subscribe to releases at GitHub to track all updates in my Application Security Cheat Sheets github.com/0xn3va/cheat-s…

Using AWS IAM roles from GitHub Actions with OpenID Connect? Make sure you set a condition on the JWT subject in your trust policy! Read how we found vulnerable roles in the wild, including from the UK government! securitylabs.datadoghq.com/articles/explo…

If you were looking for secure coding best practices in the form of specific requirements, take a look at my project Application Security Handbook which I released recently. Cheers ✌️ GitHub: github.com/0xn3va/applica… GitBook: 0xn3va.gitbook.io/application-se…

Thanks GitHub Security team for this insane swag 🤯 I appreciate it!

❓Have you ever wanted to get in the mind of a hacker? Well, here's your chance during our Ask a Hacker AMA next week on September 8th. ✏️ Sign up and drop your questions here. bit.ly/3qNOChj

Special thanks to the 🦊 GitLab security team for having me on the GitLab Ask a Hacker AMA! It was great! youtube.com/watch?v=aJagtR…

The AMA blog post with 0xn3va is out now! 📚🦊about.gitlab.com/blog/2023/10/0…

ICYMI: #bugbounty hunter 0xn3va joined our AMA and shared insights on why he hacks, his process for identifying bugs and advice for new hackers. bit.ly/3LIivXq