HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
https://twitter.com/i/status/1029736793644703744
Twitter
Abdulrhman Alqabandi
Firefox SSL lock spoof, writeup soon. https://t.co/nVg7bW7KcW
1.14K viewsAmir Kiani
HackerOne
https://leucosite.com/Firefox-uXSS-and-CSS-XSS/
Leucosite
Firefox uXSS and CSS XSS
CSS XSS came back for a bit which lead to an unusual uXSS
1.23K viewsAmir Kiani
HackerOne
https://portswigger.net/blog/practical-web-cache-poisoning
PortSwigger Research
Practical Web Cache Poisoning
In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems
1.37K viewsAmir Kiani
HackerOne
Exploring, Exploiting Active Directory Admin Flaws
https://www.darkreading.com/vulnerabilities---threats/exploring-exploiting-active-directory-admin-flaws/d/d-id/1332593?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
Dark Reading
Exploring, Exploiting Active Directory Admin Flaws
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
1.45K viewsAwdel
HackerOne
https://blog.path.network/fuzzing-cs-go-bsp-files/
Path Network, Inc - Blog
Fuzzing CS:GO BSP Files
We fuzzed BSP map files for Counter Strike: Global Offensive leading to the discovery of a stack-based buffer overflow. Through some reverse engineering and source code analysis, we discovered that the vulnerability can lead to remote code execution.
1.84K viewsAmir Kiani
HackerOne
https://github.com/Souhardya/Uboat
GitHub
UBoat-Botnet/UBoat
HTTP Botnet Project. Contribute to UBoat-Botnet/UBoat development by creating an account on GitHub.
1.52K viewsMir Saman Tajbakhsh
HackerOne
https://hackerone.com/reports/395518
HackerOne
HackerOne disclosed on HackerOne: Internal usage of AdBlockPlus may...
Hello HackerOne team,

this is probably going to be a *different* kind of report than what you are used to: it looks to me this is more of an internal, operational security best-practice that you...
1.38K viewsAmir Kiani
HackerOne
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
1.28K viewsAmir Kiani, edited  
HackerOne
https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/
Black Hills Information Security, Inc.
How to Hack WebSockets and Socket.io - Black Hills Information Security, Inc.
Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]
1.62K viewsAmir Kiani
HackerOne
Forwarded from Rayanfam (Sina)
Hypervisor From Scratch – Part 1: Basic Concepts & Configure Testing Environment https://rayanfam.com/topics/hypervisor-from-scratch-part-1/
Rayanfam Blog
Hypervisor From Scratch - Part 1: Basic Concepts & Configure Testing Environment
We write about Windows Internals, Hypervisors, Linux, and Networks.
144 viewsAwdel
HackerOne
https://ninja.style/post/bcard/
1.54K viewsxDD
HackerOne
https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/
Haider's Infosec Blog
10 Methods to Bypass Cross Site Request Forgery Protection
Anti CSRF token bypass, Cross Site Request Forgery Bypass, Cross Site Request Forgery examples, Methods to Bypass CSRF, CSRF protection
1.71K viewsAmir Kiani
HackerOne
https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
1.33K viewsAmir Kiani
HackerOne
https://hackenproof.com/cup
Hackenproof
HackenProof is Vulnerability Disclosure & Bug Bounty Platform. By working with the community of security researchers we help companies uncover security vulnerabilities.
1.32K viewsAmir Kiani
HackerOne
1.27K viewsxDD
HackerOne
https://hackerone.com/reports/398641
HackerOne
DuckDuckGo disclosed on HackerOne: SSRF on duckduckgo.com/iu/
Normally, a call to `https://duckduckgo.com/iu` contains a query parameter (`u`) with some path using the domain `yimg.com`. This call will succeed in most cases.
{F337121}

And if we change that...
1.51K viewsAmir Kiani
HackerOne
https://github.com/portswigger/upload-scanner
GitHub
GitHub - PortSwigger/upload-scanner: HTTP file upload scanner for Burp Proxy
HTTP file upload scanner for Burp Proxy. Contribute to PortSwigger/upload-scanner development by creating an account on GitHub.
1.79K viewsAmir Kiani
HackerOne
https://www.offensive-security.com/offsec/say-try-harder/
OffSec
Offensive Security Say – Try Harder! | OffSec
Offsec students go through hell. We've dedicated the following song to anyone who's taken an Offsec course. Do you have what it takes to Try Harder?
1.51K viewsAmir Kiani
HackerOne
https://cdn.area1security.com/reports/Area-1-Security-OperationDoos-IRN2%20Targets%20Saudi%20Arabian%20Oil%20and%20Gas%20Industry%20With%20Career-Themed%20Phishing%20Attack.pdf
2.31K viewsAmir Kiani
HackerOne
PCLITEOS is a hardened Unix-like operating system based on BSD and Linux kernel for desktop and workstation that is designed registered and supported by PCLITE LTD Software & Hardware Systems(England and Wales) There are Professional and Enterprise editions both present KDE plasma and Qt applications for different types of work PCLITEOS is configured with LVM and OpenZFS as defaults.

https://pclite.net
1.68K viewsMir Saman Tajbakhsh
HackerOne
1.57K viewsAmir Kiani