HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
0x09AL Security blog
Bypassing Web-Application Firewalls by abusing SSL/TLS
During the latest years Web Security has become a very important topic in the IT Security field. The advantages the web offers resulted in very critical services being developed as web applications. The business requirements for their web applications security…
1.46K viewsAmir
HackerOne
Android Mobile CTFs:
https://github.com/xtiankisutsa/awesome-mobile-CTF
GitHub
GitHub - xtiankisutsa/awesome-mobile-CTF: This is a curated list of mobile based CTFs, write-ups and vulnerable apps. Most of them…
This is a curated list of mobile based CTFs, write-ups and vulnerable apps. Most of them are android based due to the popularity of the platform. - GitHub - xtiankisutsa/awesome-mobile-CTF: This i...
1.78K viewsMir Saman Tajbakhsh
HackerOne
https://medium.com/@th3g3nt3l/how-i-found-an-ssrf-in-yahoo-guesthouse-recon-wins-8722672e41d4
Medium
How i found an SSRF in Yahoo! Guesthouse (Recon Wins)
Hi Guys,
1.34K viewsAmir
HackerOne
165.pdf
3.4 MB
Find Evil - know normal. \n hunting malware document
1.94K viewsxDD, edited  
HackerOne
backdooring pe file with aslr
https://hansesecure.de/backdooring-pe-file-with-aslr/
1.2K viewsxDD
HackerOne
Forwarded from PacktPub Free Learning
Today free book is out!
Expert Delphi
https://www.packtpub.com/packt/offers/free-learning
129 viewsxDD
HackerOne
https://github.com/OWASP/OWASP-Testing-Guide-v5
GitHub
GitHub - OWASP/wstg: The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications…
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services. - OWASP/wstg
4.03K viewsAmir
HackerOne
https://github.com/linkedin/qark
GitHub
GitHub - linkedin/qark: Tool to look for several security related Android application vulnerabilities
Tool to look for several security related Android application vulnerabilities - linkedin/qark
1.39K viewsMir Saman Tajbakhsh
HackerOne
https://raw.githubusercontent.com/Captainarash/The_Holy_Book_of_X86/master/book_vol_1.txt
1.31K viewsB14CK SPID3R
HackerOne
Forwarded from P0SCon
91 viewsMir Saman Tajbakhsh
HackerOne
Forwarded from P0SCon
Details of Speakers: Nikita Tarakanov - BlackHat USA 2017 Speaker
93 viewsMir Saman Tajbakhsh
HackerOne
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/11/hawkeye-keylogger-reborn-v8-an-in-depth-campaign-analysis/
Microsoft Security Blog
Hawkeye Keylogger - Reborn v8: An in-depth campaign analysis | Microsoft Security Blog
Hawkeye Keylogger is an info-stealing malware that’s being sold as malware-as-a-service. Over the years, the malware authors behind Hawkeye have improved the malware service, adding new capabilities and techniques.
1.18K viewsxDD
HackerOne
Kenan Abdullahoğlu is one of the Turkey's cryptocurrency leaders. He has been interviewed with many news networks including Al Jazeera and BloombergHT about the different aspects of cryptocurrency including its security. Kenan will be present at poscon2018. More information and registration:
http://poscon.ir

@P0SCon
1.49K viewsMir Saman Tajbakhsh
HackerOne
CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation
https://www.ambionics.io/blog/prestashop-privilege-escalation
Ambionics
PrestaShop 1.6 Privilege Escalation
Prestashop 1.6.1.19 sessions can be read and written by an attacker, resulting in a range of vulnerabilities including privilege escalation and remote code execution.
1.03K viewsAmir
HackerOne
http://karmainsecurity.com/hacking-magento-ecommerce-for-fun-and-17000-usd
1K viewsAmir
HackerOne
https://github.com/Rizer0/Log-killer
GitHub
GitHub - Rizer0/Log-killer: Clear all your logs in [linux/windows] servers 🛡️
Clear all your logs in [linux/windows] servers 🛡️. Contribute to Rizer0/Log-killer development by creating an account on GitHub.
1.19K viewsMir Saman Tajbakhsh
HackerOne
@P0SCon
1.17K viewsMir Saman Tajbakhsh
HackerOne
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
https://www.darkreading.com/endpoint/microsoft-identity-bounty-program-pays-$500-to-$100000-for-bugs/d/d-id/1332325?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
Dark Reading
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
1.18K viewsAwdel
HackerOne
https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
1.17K viewsAmir
HackerOne
https://0x09al.github.io/security/ctp/osce/exploitation/2017/07/06/osce-ctp-prep-heapspreay-seh-egghunter.html
0x09AL Security blog
OSCE - CTP Course Preparation - HeapSpray + SEH + EggHunter
Introduction
1.17K viewsAmir
HackerOne
Google User Content CDN Used for Malware Hosting
https://www.bleepingcomputer.com/news/security/google-user-content-cdn-used-for-malware-hosting/

Hackers are hiding malicious code inside the metadata fields of images hosted on Google's official CDN (content delivery network) —googleusercontent.com. [...]
BleepingComputer
Google User Content CDN Used for Malware Hosting
Hackers are hiding malicious code inside the metadata fields of images hosted on Google's official CDN (content delivery network) —googleusercontent.com.
1.17K viewsAwdel