#BugBountyProTip Some caching servers would cache files larger than 2mb. if app accepts file upload, then upload a large file and access it #multiple times while logged-in. It will be cached. Then access it without login, and pingo! unauthenticated access to sensitive files!

Trishul :- A new Burp Extension for quickly identifying multiple vulnerabilities such as XSS, SQLi and SSTI on real-time basis. By Gaurav Narwani github.com/gauravnarwani9…

Took more than 2 years, but just released the postMessage-tracker Chrome Extension! github.com/fransr/postMes… Look at the functions receiving postMessages directly in the extension, look at the messages and sender/receiver window locations and track everything using a log-URL.

$20000 Facebook DOM XSS by Vinoth Kumar vinothkumar.me/20000-facebook…

Subdomain takeover detection #OneLiners - used command and details are in the thread. #bugbountytips #security #takeover #detection

HTTP request smuggling is being exploited by hackers in the wild and in bug bounty programs. What is it exactly and how can you remediate it? #websecurity #infosec blog.detectify.com/2020/05/28/hid…

Evading AV: Using OWASP-ZSC to Evade AV Detection #owaspzsc #evadingAV #cybersecurity #cyberwarrior bit.ly/2pZJjdG

CVE-2020-5412 Full-Read SSRF in spring-cloud-netflix-hystrix-dashboard tanzu.vmware.com/security/cve-2…

I wrote a post on Assetnote's blog about hacking in bug bounties for the last four years. This should give you a good idea on what I've been reporting and how I find bugs and incorporate them back into our platform. blog.assetnote.io/2020/09/15/hac…

🔥 cat hosts | xargs -I@ sh -c 'python3 dirsearch.py -r -b -w path -u @ -e php,html,json,aspx' 🔥 #bugbountytips #KingOfBugBountyTips

[#Cybermois] Vous êtes victime d'un #Rançongiciel #Ransomware - Comment réagir ?

Du 12 au 27 novembre la DGA organise un nouveau #challenge pour tous les étudiants ou professionnels en #cybersécurité. Au programme ➡️ #cryptographie, investigation numérique, exploitation et #rétroingénierie. Inscription ici ↪dghack.fr

🔥Search to .js #assetfinder #hakrawler #anew #bugbountytips #bugbounty

Thank you @Yeswehack for the organization of this fantastic event. It has been my great honor to participate in such private #BugBounty. #BugBounty is a true testament of what can be achieved when bug hunter community work together for the same purpose. #YesWeRHackers

Since the PoC for the VMware vCenter RCE (CVE-2021-21972) is now readily available, we're publishing our article covering all of the technical details. Read the article: swarm.ptsecurity.com/unauth-rce-vmw…

Win your seat for #HIP21 ! Resolve this exclusive #challenge and send us the flag by dm. The first two people who find the answer win a ticket for the conferences and workshops ! No time to lose, click here and let the hacking begin : hip21.chall.malicecyber.com

[HIP21]⚡️As promised the videos are live !⚡️ Go check it out and ENJOY !🎉 youtube.com/playlist?list=… Shak Reiner 🍍 Or Ben Porath Egor Dimitrenko @__mn1__ Juan Araya Paula Januszkiewicz Aditya K Sood Federico Dotta Antonio Morales Filipi Pires Jake B Synacktiv

📣⏳1 day left to get your early bird ticket!⏳📣 With this ticket get access to 2 days filled with conferences, workshops and a networking party. Hurry up to save your seat ! ➡️🎫hackinparis.com/store/ #CyberSecurity #cyberevent #paris #conferences #workshops #event

CVE-2022-36804 PoC 🧐 anquanke.com/post/id/280193