📊 Watcher Summary Report
🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 91 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 91 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
❤3😁1
📊 Watcher Summary Report
🔹 BUGCROWD: 1 new item
🔹 HACKERONE: 92 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 1 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
🔹 BUGCROWD: 1 new item
🔹 HACKERONE: 92 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 1 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
TLP_CLEAR_BtHoster_Identifying_noisy_networks_emitting_malicious.pdf
5.7 MB
Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline
Blog : https://any.run/cybersecurity-blog/tycoon2fa-evasion-analysis/
⭐️ @ZeroSec_team
Blog : https://any.run/cybersecurity-blog/tycoon2fa-evasion-analysis/
⭐️ @ZeroSec_team
👍2🔥1
📊 Watcher Summary Report
🔹 BUGCROWD: 1 new item
🔹 HACKERONE: 96 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 1 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
🔹 BUGCROWD: 1 new item
🔹 HACKERONE: 96 new items
🔹 INTIGRITI: 1 new item
🔹 YESWEHACK: 1 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
👍1
In this video, we solve the PortSwigger Web LLM Attack lab step by step.
🔹 Learn what Web LLM Attack is
🔹 See how to exploit it on the PortSwigger lab
🔹 Understand how this vulnerability can be applied in real-world scenarios
This video is perfect for anyone looking to improve their skills in web hacking, bug bounty, and penetration testing.
📌 Topics & Tags:
#WebLLMAttack #PortSwigger #WebSecurity #BugBounty #Hacking
💡 Tip: Don’t forget to like, comment, and subscribe for more web security tutorials!
https://www.youtube.com/watch?v=-UdUgl0pv4w
⭐️ @ZeroSec_team
🔹 Learn what Web LLM Attack is
🔹 See how to exploit it on the PortSwigger lab
🔹 Understand how this vulnerability can be applied in real-world scenarios
This video is perfect for anyone looking to improve their skills in web hacking, bug bounty, and penetration testing.
📌 Topics & Tags:
#WebLLMAttack #PortSwigger #WebSecurity #BugBounty #Hacking
💡 Tip: Don’t forget to like, comment, and subscribe for more web security tutorials!
https://www.youtube.com/watch?v=-UdUgl0pv4w
⭐️ @ZeroSec_team
❤2🔥1👌1
📊 Watcher Summary Report
🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 11 new items
🔹 INTIGRITI: 0 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
🔹 BUGCROWD: 0 new item
🔹 HACKERONE: 11 new items
🔹 INTIGRITI: 0 new item
🔹 YESWEHACK: 0 new item
🔹 FEDERACY: 0 new item
🔗 Details: Click here
#zerosec #bugbounty #watcher #summary_report
⭐️ @ZeroSec_team
❤3
سلام دوستان رایتاپ باگ هایی که این ماه خودتون زدید رو بفرستید بهتریناشو بزاریم کانال
لینک گپ :
@ZeroSec_group
لینک گپ :
@ZeroSec_group
❤4
Pwning WebAssembly: Bypassing XSS Filters in the WASM Sandbox
https://zoozoo-sec.github.io/blogs/PwningWasm-BreakingXssFilters/
@ZeroSec_group
https://zoozoo-sec.github.io/blogs/PwningWasm-BreakingXssFilters/
@ZeroSec_group
zoozoo-sec.github.io
Pwning WebAssembly: Bypassing XSS Filters in the WASM Sandbox
Explore WebAssembly internals and security implications in WASM Linear Memory Sandbox.
❤2👍1
با توجه به آمارها، حدود ۸۰٪ از دسترسی اولیه (Initial Access) به سیستمها از طریق حملات مهندسی اجتماعی و phishing صورت میگیرد.
مجموعهای از چهار کتاب مرجع و کلیدی در حوزه مهندسی اجتماعی و فیشینگ آماده کردهایم که از امروز به لیست منابع سایت اضافه شدند. توضیحات تکمیلی این کتابها به زودی در سایت و کانال منتشر خواهد شد.
📚 کتابهای معرفی شده:
The Art of Deception
The Science of Human Hacking
Phishing Dark Waters
Ghost in the Wires
⭐️ @ZeroSec_team
مجموعهای از چهار کتاب مرجع و کلیدی در حوزه مهندسی اجتماعی و فیشینگ آماده کردهایم که از امروز به لیست منابع سایت اضافه شدند. توضیحات تکمیلی این کتابها به زودی در سایت و کانال منتشر خواهد شد.
📚 کتابهای معرفی شده:
The Art of Deception
The Science of Human Hacking
Phishing Dark Waters
Ghost in the Wires
⭐️ @ZeroSec_team
❤5🔥1
Red Team Development and Operations [ @Book_Resource ].pdf
3.4 MB
Red Team Development and Operation
جای پول دادن به دوره کتاب بخونید شدیدا این کتاب پیشنهاد میشه کسایی که تازه دارن شروع میکنن
⭐️ @ZeroSec_team
جای پول دادن به دوره کتاب بخونید شدیدا این کتاب پیشنهاد میشه کسایی که تازه دارن شروع میکنن
⭐️ @ZeroSec_team
❤5
Forwarded from Hack Hive
#number1:
Broken Access Control
Broken Access Control happens when applications fail to properly enforce who can access what. As a result, users may read or modify data, escalate privileges, or reach hidden resources. It often shows up as IDOR, missing server-side checks, or misconfigured CORS. Preventing it requires strict server-side authorization, deny-by-default policies, and proper validation of ownership and roles.
Main Categories:
Insecure Direct Object References (IDOR)
Sensitive Data Exposure via weak access rules
Authentication & Authorization Issues
Metadata Manipulation (cookies, tokens, JWT)
Misconfiguration (CORS, forced browsing, open redirect)
Functional Level Access Control Issues
For more information:
https://m.youtube.com/watch?v=_jz5qFWhLcg&pp=ygUfI2Jlc3RidWdib3VudHlib29rc2ZvcmJlZ2lubmVycw%3D%3D
#owasp_stories
@hackhive_channel 🐝
Broken Access Control
Broken Access Control happens when applications fail to properly enforce who can access what. As a result, users may read or modify data, escalate privileges, or reach hidden resources. It often shows up as IDOR, missing server-side checks, or misconfigured CORS. Preventing it requires strict server-side authorization, deny-by-default policies, and proper validation of ownership and roles.
Main Categories:
Insecure Direct Object References (IDOR)
Sensitive Data Exposure via weak access rules
Authentication & Authorization Issues
Metadata Manipulation (cookies, tokens, JWT)
Misconfiguration (CORS, forced browsing, open redirect)
Functional Level Access Control Issues
For more information:
https://m.youtube.com/watch?v=_jz5qFWhLcg&pp=ygUfI2Jlc3RidWdib3VudHlib29rc2ZvcmJlZ2lubmVycw%3D%3D
#owasp_stories
@hackhive_channel 🐝
❤4
Forwarded from Hack Hive
Hack Hive
#number1: Broken Access Control Broken Access Control happens when applications fail to properly enforce who can access what. As a result, users may read or modify data, escalate privileges, or reach hidden resources. It often shows up as IDOR, missing server…
idor (3).pdf
1.4 MB
#number1_1:
IDOR(Insecure Direct Object References)
For practice:
Easy level=
https://github.com/Laburity/vulnerable-IDOR-lab?utm_source=chatgpt.com
Medium level =
https://portswigger.net/web-security/all-labs#path-traversal
And
https://portswigger.net/web-security/all-labs#access-control-vulnerabilities
And
https://www.hackthebox.com/
And
https://tryhackme.com/challenges
Hard level =
https://pentesterlab.com/exercises/idor-to-shell?utm_source=chatgpt.com
#owasp_series
@hackhive_channel 🐝
IDOR(Insecure Direct Object References)
For practice:
Easy level=
https://github.com/Laburity/vulnerable-IDOR-lab?utm_source=chatgpt.com
Medium level =
https://portswigger.net/web-security/all-labs#path-traversal
And
https://portswigger.net/web-security/all-labs#access-control-vulnerabilities
And
https://www.hackthebox.com/
And
https://tryhackme.com/challenges
Hard level =
https://pentesterlab.com/exercises/idor-to-shell?utm_source=chatgpt.com
#owasp_series
@hackhive_channel 🐝
❤4
Hack Hive
#number1: Broken Access Control Broken Access Control happens when applications fail to properly enforce who can access what. As a result, users may read or modify data, escalate privileges, or reach hidden resources. It often shows up as IDOR, missing server…
مقاله یکی از بچه ها درمورد IDOR من نخوندم ولی انگار خوبه👍
❤5👍1
یه باگ تازه توی IIS Web Deploy پیدا شده (اسمش CVE-2025-53772). مشکلش اینه که وقتی دادهها رو میگیره، مثل آدم حسابی چک نمیکنه و همونو باز میکنه، این باعث میشه یکی بتونه از راه دور روش کد دلخواه اجرا کنه. فقط کافیه یه کاربر لاگین ساده باشی، دیگه نیازی به هیچ معجزهای نیست، راحت میشه روش RCE زد.
POC
⭐️ @ZeroSec_team
POC
⭐️ @ZeroSec_team
❤6
⚡️Recently updated Proof-of-Concepts
✔️Link to Download - https://github.com/0xMarcio/cve
⭐️ @Zerosec_team
✔️Link to Download - https://github.com/0xMarcio/cve
⭐️ @Zerosec_team
🔥2❤1