Lilian Fellice (@lilianfellice) 's Twitter Profile
Lilian Fellice

@lilianfellice

President - Bluehack top 25 YesWeHack

ID: 1384466957093666825

https://bluehack.fr
20-04-2021 11:20:27

87 Tweet

188 Followers

217 Following

HackerOne (@hacker0x01) 's Twitter Profile Photo

This week, we're sponsoring the Bug Bounty Village at #EKO2023 in Buenos Aires, Argentina! 🇦🇷 Be sure to drop by and connect with our team, get the secret word, and enter for your chance to win H1 swag. 👏 See you there! bit.ly/40n7UHA

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

🎉 Exciting news for the English-speaking community! My book Cybersecurity: Penetration Testing of Web Information Systems: The Web Vulnerabilities Guide is now available in English 📕. 👉 Order your copy now on Amazon: a.co/d/026MDKUb #BugBounty #cybersecuritytips

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- Insecure Direct Object Reference (IDOR) (CWE-639). PII of a very sensitive scope, access to all users' information. yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Improper Access Control - Generic (CWE-284). Bypass protection to access admin functions yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- Cross-site Scripting (XSS) - Stored (CWE-79). Lead to total admin access yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- Path Traversal (CWE-22). yeswehack.com/hunters/blueha… #YesWeRHackers

Sicarius (@els1carius) 's Twitter Profile Photo

Hey fellow hackers, My blog is back, starting with a deep dive into a nice SQL injection I found in SuiteCRM—CVE-2024-36412. "Using Filters Against Filters: Unexpected SQL Injection" secarius.fr/cves/cve_2024_… This is the first of a three-part series on the CVEs. More to come :)

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Insecure Direct Object Reference (IDOR) (CWE-639). yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ 🫡 -- Improper Access Control - Generic (CWE-284). yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a high vulnerability submitted on YesWeHack ⠵ -- Insecure Direct Object Reference (IDOR) (CWE-639). yeswehack.com/hunters/blueha… #YesWeRHackers

Sicarius (@els1carius) 's Twitter Profile Photo

Let’s not say we’ve reported this behavior to Kong back in 2023 and they replied that it was a « problem within burp » instead of a vuln in their tool 🤷‍♂️ I know a few people that got mistreated by this Kong « security » team for this bug and others, cc Laluka@OffenSkill Skilo

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ @icare I’m coming 🤩😁 -- OS Command Injection (CWE-78). yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- Improper Access Control - Generic (CWE-284). yeswehack.com/hunters/blueha… #YesWeRHackers

Lilian Fellice (@lilianfellice) 's Twitter Profile Photo

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ with Icare GG mate -- XML External Entities (XXE) (CWE-611). yeswehack.com/hunters/blueha… #YesWeRHackers

Profundis.io (@profundisio) 's Twitter Profile Photo

Profundis.io is live! Quickly uncover DNS records, subdomains, hosts, and their historical data directly via your browser. No noise, just the data you need for asset discovery and security research. Explore now: profundis.io

Sicarius (@els1carius) 's Twitter Profile Photo

There we go, after 3 years of work, endless nights of dev and a truckload of coffee. We are finally releasing the biggest project we've done in our entire life. I hope you will like it !

Sicarius (@els1carius) 's Twitter Profile Photo

We’ve just landed a $12,000 bounty with Lilian Fellice on a public program at bugcrowd with a nice admin panel access bypass (and a few other things :D)! The asset where this was discovered was, of course, found using Profundis.io 😇

Sicarius (@els1carius) 's Twitter Profile Photo

Let's speak about real bugs. This one was found this year on a huge public program on bugcrowd with クロマタエ. TL;DR: A misuse of a Microsoft SSO token led to an ATO and a nice $3,500 bounty :D Enjoy reading! secarius.fr/bugbounty/usin…