HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
@cybersecarticles
Free course
1.95K viewsAmir Kiani
HackerOne
https://github.com/pry0cc/axiom
GitHub
GitHub - pry0cc/axiom: The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools…
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more! - pry0cc/axiom
2.12K viewsAmir Kiani
HackerOne
https://portswigger.net/research/cracking-recaptcha-turbo-intruder-style
PortSwigger Research
Cracking reCAPTCHA, Turbo Intruder style
Tired of proving you're not a robot? In this post, I'll show how you can partially bypass Google reCAPTCHA by using a new Turbo Intruder feature to trigger a race condition. This vulnerability was rep
2.21K viewsAmir Kiani
HackerOne
https://hackerone.com/reports/873614
HackerOne
PlayStation disclosed on HackerOne: Websites Can Run Arbitrary Code...
-
1.89K viewsAmir Kiani
HackerOne
https://docs.google.com/document/d/1-l1dagQ643nH8chDl2VwRwdJxZZ6D3M1K07pvLfAbSI/edit



#RoadMap
Google Docs
Security & Hacking related books
Basic OS & Networking: The Linux Command Line 2nd ed. Linux Bible 10th Ed. (Must-read for beginners as a reference book) Network+ Study guide. (Must-read for beginners.) Security+ Study guide. Basic intro to security. MCSA Windows 10 Study Guide MCSA Networking…
2.1K viewsAmir Kiani, edited  
HackerOne
https://www.usenix.org/conference/woot13/workshop-program/presentation/kholia
2.06K viewsAmir Kiani
HackerOne
https://bugs.chromium.org/p/project-zero/issues/list?q=localhost%20owner%3Ataviso%40google.com&can=1
2.08K viewsAmir Kiani
HackerOne
The #CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (#TCP/IP) stacks. A remote attacker could #exploit some of these vulnerabilities to take control of an affected system.

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
1.98K viewsAdeL
HackerOne
https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
Medium
How I made $31500 by submitting a bug to Facebook
How did I found SSRF in Facebook — the story of my first bug bounty
2.04K viewsAmir Kiani
HackerOne
https://github.com/EmpireProject/Empire
GitHub
GitHub - EmpireProject/Empire: Empire is a PowerShell and Python post-exploitation agent.
Empire is a PowerShell and Python post-exploitation agent. - EmpireProject/Empire
1.89K viewsAmir Kiani
HackerOne
https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Rants%26Writeups/Hacking%20Team%20Writeup.md
GitHub
Infosec_Reference/Draft/Rants&Writeups/Hacking Team Writeup.md at master · rmusser01/Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version. - rmusser01/Infosec_Reference
1.93K viewsAmir Kiani
HackerOne
https://github.com/rmusser01/Infosec_Reference/tree/master/Draft/Rants%26Writeups
GitHub
Infosec_Reference/Draft/Rants&Writeups at master · rmusser01/Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version. - rmusser01/Infosec_Reference
2.04K viewsAmir Kiani
HackerOne
Hacker OPSEC
grugq.github.io
#OpSec
2.15K viewsAmir Kiani
HackerOne
https://grugq.github.io/presentations/Keynote_The_Grugq_-_OPSEC_for_Russians.pdf
2.46K viewsAmir Kiani
HackerOne
#threatleak

https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools
2.74K viewsAdeL
HackerOne
SANS Holiday Hack Challenge holidayhackchallenge.com
2.85K viewsAmir Kiani
HackerOne
a denial of service bug worth 1000$
https://hackerone.com/reports/1018037
HackerOne
Basecamp disclosed on HackerOne: a very long name in hey.com can...
Summary :
=========
after trying to change my initial name to something long i found out that their are no limits to how long it can be , so i directly changed it to something very long {F1050497}...
2.98K viewsAmir Kiani
HackerOne
PoC exploits for CVE-2020-17143 and CVE-2020-17141 which demonstrate the XXE bugs against Exchange Server.

- Low privileged authentication only
- CVE-2020-17141 is interesting because its in the EWS API

https://srcincite.io/pocs/cve-2020-17143.py.txt
https://srcincite.io/pocs/cve-2020-17141.py.txt
2.56K viewsAdeL
HackerOne
2.43K viewsAmir Kiani
HackerOne
😐
2.18K viewsAmir Kiani
HackerOne
Forwarded from Security Analysis
CVE-2020-25695 Privilege Escalation in Postgresql - Staaldraad

https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/
#db #pe #postgresql @securation
Staaldraad
CVE-2020-25695 Privilege Escalation in Postgresql
It has been quite a year, I hope everyone is well and staying safe. This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back…
2.06K viewsAdeL