Recording myself finding an SSRF in Google
A full video recording of the entire process of finding an SSRF in Google Cloud, stealing the auth token, and bypassing the fix 2 times ($10 000)
https://youtu.be/UyemBjyQ4qA
@DevMisc
#security #bugbounty #google
Overengineering can kill your product
https://www.mindtheproduct.com/overengineering-can-kill-your-product
@DevMisc
#extra
Is my cat Turing-complete?
https://belaycpp.com/2021/11/24/is-my-cat-turing-complete
@DevMisc
#extra #meme
Please stop "fixing" font smoothing
https://usabilitypost.com/2012/11/05/stop-fixing-font-smoothing
@DevMisc
#extra #learn
AWS: IPv6-only subnets and EC2 instances
https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-ipv6-only-subnets-and-ec2-instances
@DevMisc
#cloud #extra
Windows 10 RCE
Code execution vulnerability on Windows 10 via IE11/Edge Legacy and MS Teams, triggered by an argument injection in the Windows 10/11 default handler for ms-officecmd: URIs
https://positive.security/blog/ms-officecmd-rce
@DevMisc
#windows #microsoft #security #bugbounty
Log4j RCE
A recap of the Apache Log4j logging software vulnerability, which affects anything from iCloud to car radios.
https://www.lunasec.io/docs/blog/log4j-zero-day
@DevMisc
#bugbounty #security
Are 14 people really looking at the product?
Spoiler: no, they aren't.
https://scribe.rip/are-14-people-currently-looking-at-this-product-e7fe8412f16b
@DevMisc
#extra
Do DNS records actually take hours to propagate?
https://jvns.ca/blog/2021/12/06/dns-doesn-t-propagate
@DevMisc
#dns #misc
Koalas to the max, a case study (2013)
https://hacks.mozilla.org/2013/01/koalas-to-the-max-a-case-study
@DevMisc
#mozilla #extra
Exploring JavaScript prototype pollution with PwnFunction
https://youtu.be/XS_UMqQalLI
@DevMisc
#security #bugbounty #javascript
Logout4Shell
Use the Log4Shell vulnerability to vaccinate a victim server against Log4Shell.
https://github.com/Cybereason/Logout4Shell
@DevMisc
#security #java #tools
Python Mutable Defaults Are The Source of All Evil
How to prevent a common Python mistake that can lead to horrible bugs and waste everyone's time.
https://florimond.dev/en/posts/2018/08/python-mutable-defaults-are-the-source-of-all-evil/
@DevMisc
#python #learn #misc
CHUNGUS 2
A very powerful 1Hz Minecraft CPU. This guy built a RISC CPU + assembler from scratch using solely redstone.
https://youtu.be/FDiapbD0Xfg
@DevMisc
#minecraft #lowlevel #extra
TypeScript is Literal Magic
Merge union types into every possible combination using template literal types.
https://youtube.com/watch?v=5JqzCjg4YRU
@DevMisc
#javascript #typescript #tips
What Is Fast-Math?
-ffast-math is a compiler flag that enables a set of aggressive floating-point optimizations.
https://pspdfkit.com/blog/2021/understanding-fast-math/
@DevMisc
#c #compiler #lowlevel
Windows 10 RCE: The exploit is in the link
"We discovered a drive-by code execution vulnerability on Windows 10 via IE11/Edge Legacy and MS Teams."
https://positive.security/blog/ms-officecmd-rce
@DevMisc
#windows #security #rce