Technical write-up on how I popped a shell in my baby monitor, leading to possible control of the entire device fleet randywestergren.com/unauthenticate…

I’m happy to make one of my reports public. I automated the open redirect attack d3fp4r4m talked about at #NahamCon2020 with a canary token and ended up controlling an analytics server. This let me inject content on the company, but also live customer sites.

GitLab disclosed a bug submitted by William Bowling @[email protected]: hackerone.com/reports/1212067 - Bounty: $16,000 #hackerone #bugbounty

Hello Guys, here is my new blog post. In this post I wrote about a account takeover vulnerability discovered due to improper input validation. Hope you learn something from this. Link: gauravnarwani.com/account-takeov… Found this in collaboration with Verneet

How I Escalated a Time-Based SQL Injection to RCE by 0xEchidonut link.medium.com/QX2LMyanGlb

Giveaway time! I will send 3 copies of my hacking workshop done at THREAT CON. That's +12 hours of content 🔥 ✅ Like 🔁 RT the post ✅ Follow 👉🏿 Giveaway ends at reaching 20k Followers 🌟

medium.com/@jawadmahdi/ho… New writeup for 2022! #BugBounty #bugbountytips #bugbountytip

Check out my 2021 Year In Review on HackerOne: hackerone.com/gauravnarwani/…! #TogetherWeHitHarder

I want to build a larger following for haksec.io, but I'd rather give to the hacker community than pay for Twitter ads. So - I'm giving away 5x PentesterLab subscriptions, randomly selected from people who follow haksec.io and RT this tweet. ♥️

Hacking Google Drive integrations with a case study involving the use of CRLF and Request Pipelining to perform SSRF. github.com/httpvoid/write…

Found an XSS filter that allows SVG-based tags? Try the 'use' element, you can import a SVG via a data url and execute JavaScript automatically! portswigger.net/web-security/c…

Presenting Gaurav Narwani’s Atomic Workshop at Worqference on the topic, “Getting started with Security Testing” 🤩 Book your seat now and get to witness 14 other workshops on several topics at Worqference! thetesttribe.com/worqference-se… Also, get a Free Day Track with 5 Workshops!

Account takeover notes

Hello All, I just passed my Burp Suite Certified Practitioner exam. For those who wish to take the exam, I've written a blog post highlighting the preparation and tips for the exam. Link to blog: gauravnarwani.com/burp-suite-cer… Please subscribe to the blog!

The funniest thing I’ve watched today😂

WOW. Bloomberg finally opensourced memray—a new versatile memory profile for Python. Can't way to use it. Thread 👇

ZwinK Johan Carlsson Julien | MrTuxracer 🇪🇺 "-[]["\143\157\156\163\164\162\165\143\164\157\162"]["\143\157\156\163\164\162\165\143\164\157\162"]("\141\154\145\162\164\50\61\51")()-"

Check this out! 🔥

Thank you John Hammond for presenting in our seminar today 😃

Please do help out here. Any leads appreciated