Ever come across a system that did so many little things wrong that you were certain you could “get r00t”? You chip away, gradually uncovering the links in the chain, but then you run o…

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis...

Hello Everyone,

SameSite=Lax Cookies by Default is a new browser feature we will look at how to bypass it and what is the security concerns with it..

Contribute to Vi45en/Pesidious development by creating an account on GitHub.

A centralized resource for previously documented WDAC bypass techniques - bohops/UltimateWDACBypassList

An attacker can bypass the HEY.com HTML sanitizer and inject arbitrary unsafe HTML in emails.

To reproduce the bug you have to send raw HTML-formatted email. You can do it e.g. with the Sendmail...

Hello,

## Who we are :

We’re two French security researchers and our respective names are Brice Augras and
Christophe Hauquiert, we worked and found the vulnerability together.

Brice Augras from...

Update 25.01.2021: Added Google engineers exploit method for getting access token.   Google Cloud Monitoring (formerly called Stackdriver)...

Version en español: acá

I used “app” keyword in place of application name as it was private program.

"Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) includ...

Hi guys, this is my first english write-up, so I’m sorry for my bad english grammar.

I just want to write a check list for myself. This article includes various vulnerability discovery method bypass methods. I hope you can…

S

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw

This video is about an RCE vulnerability in Github pages. The report on hackerone was rewarded $25,000.…

As many of you may know, a Web Application Firewall is a firewall that sits in front of our web applications, and filters, analyzes and…

Hello everyone, I am Marx Chryz and I am new to bug bounty hunting even though I do web penetration testing for more than a year.