Some #bugbounty hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the #BugBountyTip, Joseph Thacker!

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM (slides inside) blog.orange.tw/2020/09/how-i-… #HITCON

Adding infinite money to the Microsoft store wallet Here we are again…MSRC says this is not vulnerability. Microsoft Security Response Center Phil Spencer XboxBR Xbox #bugbountytip #BugBounty #xboxhacking #XboxLive

Tests for open source repos is a great place to find exploits for fresh CVEs. Tip from BBRE newsletter by Bug Bounty Reports Explained github.com/django/django/…

For folks asking about 8.4B record “RockYou2021” password list that’s in the news today, this is an aggregation of multiple other lists. For example, this password cracking list: crackstation.net/crackstation-w…

If you do use BBRF from @honoki , here it is a initial script to use HackerOne API to gather all programs' scope, including your private programs. gist.github.com/manoelt/2f05b9…

We are starting here our #CodeFigthersChallenge! Where we will post small code snippets with real vulnerabilities. Can you spot the vulnerability in the code below? #CodeFighthers #AppSec #Vulnerability

Today Smashing the Stack for Fun and Profit is 25 years old. Older than I was when I wrote it.

This is my first publication of an ongoing work on searching for vulnerabilities in Go codebases. I really hope this can be useful for other researchers.

Just added support to LDAP Serialized Payloads in the JNDI-Exploit-Kit. This attack path works in *ANY* java version as long the classes used in the Serialized payload are in the application classpath. Do not rely on your java version being up-to-date and update your log4j ASAP!

#H2HC2023 20 anos, inscricoes abertas! Nao percam a comemoracao de 2 decadas H2HC youtube.com/shorts/hszbYD7…

I just received this NFT for taking part in the Encode Club Solidity Bootcamp Q2 2024 with Encode Club. opensea.io/assets/matic/0…

The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…

It's been a wild and exciting journey so far. I'm learning tons at the Polkadot Blockchain Academy

I wasn't expecting to make so many friends from all over the world and learn this much in only 3 weeks. Thank you so much to all Polkadot Blockchain Academy staff and all my new peers that were part of that amazing cohort!

You expected a campus... but not this kind of campus 😎🎬 Here’s the official PBA Lucerne aftermovie! You’ll hear straight from our brilliant students, our instructors (legends) and our CEO Pauline Cohen Vorms, all reflecting on what made this ride at PBA Campus Lucerne HSLU Hochschule Luzern

Hello hackers! Another pwn.college semester ends, continuing Arizona State University's American Cybersecurity Education Institute's never-ending quest to revolutionize the way hackers learn to become productive members of the cybersecurity community. Read on to learn what this means for students and Capture the Flag! 🧵

CHAMADA DE ARTIGOS 2025 Mais artigos, novos autores, pwnage e 0days. Com esses objetivos iniciamos a nova Chamada de Artigos 2025 para a segunda edição! Envie seu artigo para : [email protected]

1/10 We've received a lot of questions about what the volunteer experience at a Web3Privacy event really looks like. So, here’s the breakdown: what you give, what you get, and the different ways you can join the crew for the Cypherpunk Congress in Buenos Aires

What does it take to secure the backbone of Ethereum’s scaling ecosystem? Agglayer by Polygon is putting that question to the test with a $1,000,000 bug bounty on Cantina. Its cross-chain infrastructure is live for public review. Link below.