Shubham Golam (@golamshubham)'s Twitter Profile
Shubham Golam

@golamshubham

Security Consultant

ID: 1064903072252551168

Website: https://shubhamgolam.in
Joined: 20-11-2018 15:27:32

547 Tweets

202 Followers

263 Following

d3d aka dead (dead, мёртв, 死了) (@deadvolvo)

#0day #research #bugbounty #informationsecurity blog.malicious.group/from-akamai-to… How I *AM* able to abuse Akamai to abuse F5, to abuse all of their customers. This is a bug chain that doesn't require a bug on the target domain to exploit them. But what do I know, I am a freelance nobody.

Frans Rosén (@fransrosen)

I often export proxy items from Burp to extract certain data. Example: filter out all response headers where request param is X, get a list of all response params for custom wordlist creation etc. I built this tool to make it do what I want: github.com/fransr/unpack-…

James Kettle (@albinowax)

There's still a load of potential for further research and discoveries in HTTP request smuggling. This massive-impact finding from d3d aka dead (dead, мёртв, 死了) exploiting Akamai/F5 is a great example: blog.malicious.group/from-akamai-to…

Pratham (@prathkum)

Doesn't matter what area of ​​tech you're in, learn Git.

1. `git init`

Initialize a new Git repository.

This creates a new subdirectory named ".git" in the current directory, where Git stores all the metadata for the repository.

2. `git clone`

Clone an existing repository.

Chaofan Shou (svm/acc) (@shoucccc)

😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability. Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)

Vidoc Security Lab (@vidocsecurity)

AWS S3 Bucket Takeover - How to Find and Maximize Impact by Bug Bounty Reports Explained

In this article Greg will tell you how to:
- detect
- escalate
- show impact

AWS S3 Bucket Takeovers 😃 blog.vidocsecurity.com/blog/aws-s3-bu… #BugBounty #bugbountytip #blog #CyberSec #Cybersecurity

drak3hft7 (@drak3hft7)

Today I found a subdomain takeover in Azure. I must say that the guide created by godiego is fantastic. Link: godiego.co/posts/STO-Azur… #BugBounty #bugbountytip

Sebastien Copin (@cosad3s)

At last - the official release of my small tool for quickly and easily finding hostnames belonging to any CIDR(s) or ASN(s). Enhance your reconnaissance and build your custom /etc/hosts file in seconds. Thanks to BGP.HE x Robtex. github.com/cosad3s/hfinder (pip install hfinder)

Benasin (@benasin3)

How we escalated a DOM XSS to a 1-click ATO for $8000 thefrogsec.github.io/2024/04/06/How… We finally have the permission to publish this blog post. Hope you guys will enjoy reading it! 😄 Benasin Long Phan Nguyên #bugbountytips #FrogSecTeam #BugBounty HackerOne #TogetherWeHitHarder

Sharan Panegav (@panegavsharan)

Received a bounty from the Chrome VRP for responsibly disclosing a security bug in Chrome Browser! 🕵️‍♂️💻 Thanks to the Google Bug Hunters team for their support! #BugBounty #Cybersecurity

Luca Carettoni (@lucacarettoni)

After months of work (and bugs), Maxence SCHMITT has finally released his fabulous research. Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery or #CSPT2CSRF. Full paper here: doyensec.com/resources/Doye… Summary in blog.doyensec.com/2024/07/02/csp…

c0dejump (@c0dejump)

Just got a reward for a high vulnerability submitted on YesWeHack ⠵

- Vuln: DoS via web cache poisoning
- Payload: {Content-Type: text/html; charset=invalid-charset, Content-Encoding: xxxx}
- Tool: HExHTTP: github.com/c0dejump/HExHT…

& top 200 now! 😁

#YesWeRHackers #BugBounty

Debangshu 🇮🇳🥷 (@thisisdk999)

Also, with this, I'm creating my first GitHub repo, aiming to create something similar to can-i-takeover-xyz but for Admin Panels/Exposed Portals/Consoles!

Feel free to check out and/or contribute to the repo!
Link 🔗 - github.com/charisma334/ho…

#bugbounty #bugbountytip #aem

8kSec (@8ksec)

🚨🚨🚨 Free Mobile Security Labs – No One Has Solved Them Yet

We’ve released a brand-new series of mobile exploitation challenges. Free, hands-on, and unlike anything you've tackled before: 8ksec.io/battle/. Think you can crack them?

📲 What’s live now: 10 Android

Mr.Hacker (@mr_hacker0007)

Just finished a web VAPT for an e-com client. They’d already done 2 rounds before… we still pulled out a payment bypass + PII disclosure. Client shocked, Team Bounters rocked! #VAPT #infosec #BugBounty #CyberSecurity #pentest