This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely cont...

It all started in month of August when I reached out to Gerben Javado regarding a question, yes it was a basic question but a quick chat…

When doing penetrating on this target, I collaborated with YoKo Kho to get the highest privileges. In this paper you may find a little…

No spam, illegal acitivities, advertising without admin's approval, harrassing members or full disclosure of vulnerability (partial disclosure is fine)

Bug Hunting Resources
@bug_hunting

Happy hunting! 🥰

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack - incredibleindishell/SSRF_Vulnerable_Lab

Yesterday, a new version of DOMPurify (very popular XSS sanitization library) was released, that fixed a bypass reported by us. In this post I’ll show how exactly the bypass looked like preceded by general information about DOMPurify and how it works. If…

We've added a brand new topic on testing for #WebSockets vulnerabilities, including three new labs. https://t.co/kZhy25Qho1

In this section, we'll explain how to manipulate WebSocket messages and connections, describe the kinds of security vulnerabilities that can arise with ...

In this methodology I've specified a way to exploit SSTI where traditional methods of exploitation failed.

At Casper, we revived a dead bug bounty program and made security part of the culture along the way.

Hi guys whatsup! This is Udhay an security researcher . Here im presenting my research on unrestricted file upload vulnerablities.

Download HackBar V2 for Firefox. [No License, FOREVER FREE] A HackBar for new firefox (Firefox Quantum). This addon is written in webextension and alternatives to the XUL version of original Hackbar.

You can ask request here: https://github.com/Hack-Free/HackBar

In part two of G Suite vulnerability discussion, I am writing about a simple but quite serious vulnerability in yet another part of G Suite…