NEW BOT Телеграм, страница - 611485249

HackerOne

11K subscribers

644 photos

31 videos

79 files

2.74K links

Community : @Sec0x01
@Bug0x

Download Telegram

About

Blog

Apps

Platform

11K subscribers

https://medium.com/@arbazhussain/race-condition-bypassing-team-limit-b162e777ca3b

Race Condition bypassing team limit

Severity: Medium

2.13K viewsAmir Kiani, 20:05

2.15K viewsAmir Kiani, 20:41

https://medium.com/walmartlabs/reverse-engineering-an-obfuscated-malicious-macro-3fd4d4f9c439

Reverse Engineering an Obfuscated Malicious Macro

Malicious Microsoft Office documents have been a staple of commercial cybersecurity threat actors for some time. The ubiquity of Office in…

2.49K viewsAdel, 21:03

Google introduces OpenSk, an Open Source security key implementation

https://ift.tt/2OudAMn

Say hello to OpenSK: a fully open-source security key implementation

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google Today, FIDO security...

2.73K viewsAdel, 17:57

PHP 7.0-7.4 disable_functions bypass 0day PoC

https://github.com/mm0r1/exploits/tree/master/php7-backtrace-bypass

exploits/php7-backtrace-bypass at master · mm0r1/exploits

Pwn stuff. Contribute to mm0r1/exploits development by creating an account on GitHub.

2.63K viewsAdel, 09:03

Yet Another Sudo Vulnerability!

When 'pwfeedback' is enabled, a new Sudo bug could let low privileged Linux & macOS users (or malicious programs) execute arbitrary commands with 'root' privileges.

Details for CVE-2019-18634 ➤ https://thehackernews.com/2020/02/sudo-linux-vulnerability.html

3.68K viewsAdel, 00:20

3.01K viewsAmir Kiani, 19:55

https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-noscript/

2.72K viewsAmir Kiani, 15:23

Massive DDoS attack brought down 25% Iranian Internet connectivity

https://ift.tt/2SyIPXt

Security Affairs

Massive DDoS attack brought down 25% Iranian Internet connectivity

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet.

2.99K viewsAdel, 19:47

https://hailstorm1422.com/linkedin-blind-idor/

2.95K viewsAmir Kiani, 17:59

https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa

Exploiting WebSocket [Application Wide XSS / CSRF]

Assalam u Alikum, it’s been a while I haven’t contributed to this wonderful community so I am back with a new write up about WebSocket…

3.59K viewsAmir Kiani, 17:59

3.7K viewsAmir Kiani, 19:58

https://www.bbc.com/news/av/stories-51660982/criminals-on-cctv-scammers-caught-red-handed

Criminals on CCTV: Scammers caught red-handed

The man who hacked into a criminal call centre to expose scammers at work.

2.69K viewsAmir Kiani, 18:51

protonmail #Down

2.34K viewsAmir Kiani, 09:58

protonmail #Down

2.28K viewsAmir Kiani, 09:59

https://medium.com/ctf-writeups/breaking-the-competition-bug-bounty-write-up-ca7cb7bc53f5
#ctf

Breaking the Competition (Bug Bounty Write-up)

In this post, I’ll be describing how I found 5 bugs on a private HackerOne program. The website that I attacked was a new CTF hosting…

2.63K viewsAmir Kiani, 10:00

https://medium.com/@valeriyshevchenko/broke-limited-scope-with-a-chain-of-bugs-ef734ac430f5?sk=9833151b2ca3b73939509dcdef79ac01

Broke limited scope with a chain of bugs (tips for every rider CORS)

One morning, I was asked to participate in a private bug bounty program. In general, my experience in security is based on such private…

2.95K viewsAmir Kiani, 17:46

2.48K viewsAmir Kiani, edited 08:58

https://hackerone.com/reports/728664

GSA Bounty disclosed on HackerOne: Cache poisoning DoS to various...

I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the...

2.44K viewsAmir Kiani, 18:11

https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html

2.46K viewsAmir Kiani, 18:49

https://medium.com/@testbnull/the-art-of-deserialization-gadget-hunting-part-3-how-i-found-cve-2020-2555-by-known-tools-67819b29cb63

The Art of Deserialization Gadget Hunting [part 3] (How I found CVE-2020–2555 by known tools!)

Vậy là ngày 05/03 vừa rồi, ZDI đã publish bài phân tích chi tiết về CVE-2020–2555…

2.94K viewsAmir Kiani, 19:01