HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
Designing The Adversary Simulation Lab

https://www.mdsec.co.uk/2020/04/designing-the-adversary-simulation-lab/
MDSec
Designing The Adversary Simulation Lab - MDSec
As some of you will know, we have recently entered into the Red Team training space. Before deciding to create our course now known as “Adversary Simulation and Red Team...
2K viewsAdeL
HackerOne
🇮🇱: Hackers who breached Israeli insurance firm demand $1m to keep data private.


https://www.timesofisrael.com/hackers-who-breached-israeli-insurance-firm-demand-1m-to-keep-data-private/amp/
The Times of Israel
Hackers who breached Israeli insurance firm demand $1m to keep data private
Group warns sum will double every 24 hours, and say they'll sell the documents if ransom money not paid within 3 days
2.15K viewsAdeL
HackerOne
Researchers Discover New Obfuscation-As-a-Service Platform
https://www.darkreading.com/cloud/researchers-discover-new-obfuscation-as-a-service-platform/d/d-id/1339609

via Dark Reading
Dark Reading
Researchers Discover New Obfuscation-As-a-Service Platform
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
2.28K viewsAdeL
HackerOne
@cybersecarticles
Free course
1.95K viewsAmir Kiani
HackerOne
https://github.com/pry0cc/axiom
GitHub
GitHub - pry0cc/axiom: The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools…
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more! - pry0cc/axiom
2.12K viewsAmir Kiani
HackerOne
https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style
PortSwigger Research
Cracking reCAPTCHA, Turbo Intruder style
Tired of proving you're not a robot? In this post, I'll show how you can partially bypass Google reCAPTCHA by using a new Turbo Intruder feature to trigger a race condition. This vulnerability was rep
2.21K viewsAmir Kiani
HackerOne
https://hackerone.com/reports/873614
HackerOne
PlayStation disclosed on HackerOne: Websites Can Run Arbitrary Code...
-
1.89K viewsAmir Kiani
HackerOne
https://docs.google.com/document/d/1-l1dagQ643nH8chDl2VwRwdJxZZ6D3M1K07pvLfAbSI/edit



#RoadMap
Google Docs
Security & Hacking related books
Basic OS & Networking: The Linux Command Line 2nd ed. Linux Bible 10th Ed. (Must-read for beginners as a reference book) Network+ Study guide. (Must-read for beginners.) Security+ Study guide. Basic intro to security. MCSA Windows 10 Study Guide MCSA Networking…
2.1K viewsAmir Kiani, edited  
HackerOne
https://www.usenix.org/conference/woot13/workshop-program/presentation/kholia
2.06K viewsAmir Kiani
HackerOne
https://bugs.chromium.org/p/project-zero/issues/list?q=localhost%20owner%3Ataviso%40google.com&can=1
2.08K viewsAmir Kiani
HackerOne
The #CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (#TCP/IP) stacks. A remote attacker could #exploit some of these vulnerabilities to take control of an affected system.

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
1.98K viewsAdeL
HackerOne
https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
Medium
How I made $31500 by submitting a bug to Facebook
How did I found SSRF in Facebook — the story of my first bug bounty
2.04K viewsAmir Kiani
HackerOne
https://github.com/EmpireProject/Empire
GitHub
GitHub - EmpireProject/Empire: Empire is a PowerShell and Python post-exploitation agent.
Empire is a PowerShell and Python post-exploitation agent. - EmpireProject/Empire
1.89K viewsAmir Kiani
HackerOne
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Rants%26Writeups/Hacking%20Team%20Writeup.md
GitHub
Infosec_Reference/Draft/Rants&Writeups/Hacking Team Writeup.md at master · rmusser01/Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version. - rmusser01/Infosec_Reference
1.93K viewsAmir Kiani
HackerOne
https://github.com/rmusser01/Infosec_Reference/tree/master/Draft/Rants%26Writeups
GitHub
Infosec_Reference/Draft/Rants&Writeups at master · rmusser01/Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version. - rmusser01/Infosec_Reference
2.04K viewsAmir Kiani
HackerOne
Hacker OPSEC
grugq.github.io
#OpSec
2.15K viewsAmir Kiani
HackerOne
https://grugq.github.io/presentations/Keynote_The_Grugq_-_OPSEC_for_Russians.pdf
2.46K viewsAmir Kiani
HackerOne
#threatleak

https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools
2.74K viewsAdeL
HackerOne
SANS Holiday Hack Challenge holidayhackchallenge.com
2.85K viewsAmir Kiani
HackerOne
a denial of service bug worth 1000$
https://hackerone.com/reports/1018037
HackerOne
Basecamp disclosed on HackerOne: a very long name in hey.com can...
Summary :
=========
after trying to change my initial name to something long i found out that their are no limits to how long it can be , so i directly changed it to something very long {F1050497}...
2.98K viewsAmir Kiani
HackerOne
PoC exploits for CVE-2020-17143 and CVE-2020-17141 which demonstrate the XXE bugs against Exchange Server.

- Low privileged authentication only
- CVE-2020-17141 is interesting because its in the EWS API

https://srcincite.io/pocs/cve-2020-17143.py.txt
https://srcincite.io/pocs/cve-2020-17141.py.txt
2.56K viewsAdeL