How I hacked one of the biggest airlines group of the world
https://tarekbouali.com/posts/how-i-hacked-one-of-the-biggest-airlines-group-of-the-world/
Tarek Bouali - Ethical Hacker
How I hacked one of the biggest airlines group in the world
About a year ago, when I started my first forays into HackerOne, I discovered one of the most impactful bugs I’ve ever come across. It was January 2021, when I received a private invitation to a VDP (Vulnerability Disclosure Program), it was from an airlines…
How I got access to 1600k Users PII Data
https://medium.com/@gokulap/how-i-got-access-to-1600k-users-pii-data-64a27a540963
Medium
How I got access to 1600k Users PII Data $$$$
Hello Guys 👋 I am Gokul, Python developer, Cyber security researcher, Part time Bug hunter and Open source tool maker, Studying 3rd year…
Kryptowire Identifies High Risk Security Vulnerability in Samsung Devices Running Android
https://www.kryptowire.com/news/kryptowire-identifies-high-risk-security-vulnerabilit-in-samsung-devices-running-android/
Quokka
Mobile Security Company | Quokka
Quokka is the only mobile security company that discovers and delivers proprietary, defense-grade mobile security intelligence. Learn how to proactively remediate zero-day mobile threats.
Exploiting XSS with Javanoscript/JPEG Polyglot
https://medium.com/@Medusa0xf/exploiting-xss-with-javanoscript-jpeg-polyglot-4cff06f8201a
Medium
Exploiting XSS with Javanoscript/JPEG Polyglot
What is a polyglot?
Burp Suite Enterprise Edition Kubernetes deployment and auto-scaling https://portswigger.net/blog/burp-suite-enterprise-edition-kubernetes-deployment-and-auto-scaling
PortSwigger Blog
Burp Suite Enterprise Edition Kubernetes deployment and auto-scaling
Burp Suite Enterprise Edition is the dynamic vulnerability scanner that can help you to secure your whole web portfolio. And with release 2022.3, we've taken those same flexible Burp scans and made th
Burp Scanner can now crawl static sites between 6x - 9x faster https://portswigger.net/blog/burp-scanner-can-now-crawl-static-sites-between-6x-9x-faster
PortSwigger Blog
Burp Scanner can now crawl static sites between 6x - 9x faster
Burp Suite Professional version 2022.2.3 made Burp Scanner's crawler between 6x - 9x faster when used against static or stateless sites. This helps you to carry out automated reconnaissance much faste
Bug Bytes #166 – Double-edged SSRF, ToolTime & Fun hackers stories https://blog.intigriti.com/2022/04/06/bug-bytes-166-double-edged-ssrf-tooltime-fun-hackers-stories/
Intigriti
Bug Bytes #166 - Double-edged SSRF, ToolTime & Fun hackers stories
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...
Privacy Disclosure on Facebook Lite after Creating a Post https://medium.com/@RheyJuls/privacy-disclosure-on-facebook-lite-after-creating-a-post-b12a1cad8d8a
How a YouTube Video led to pwning a web application via SQL Injection worth $4324 bounty https://medium.com/@k4k4r07/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c
Medium
How a YouTube Video led to pwning a web application via SQL Injection worth $4324 bounty
This write-up is regarding one of my findings on a private program on HackerOne. As this is a private program so I have made certain…
Android Pentesting Setup On Macbook M1
https://magarajay538.medium.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b
Medium
Android Pentesting Setup On Macbook M1
Hello hackers,
Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, catch the flags. 🚩 https://github.com/cider-security-research/cicd-goat
GitHub
GitHub - cider-security-research/cicd-goat: A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple…
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges. - cider-security-research/cicd-goat
ToolTime - FeroxBuster (content discovery)
https://www.jhaddix.com/post/tooltime-feroxbuster-content-discovery
jhaddix.com
ToolTime #1 - FeroxBuster (content discovery)
A new series where I will do a video cast reviewing offensive security tools! Last week I took a look at a new favorite of mine, FeroxBuster, a content discovery tool.
AWS RDS Vulnerability Leads to AWS Internal Service Credentials
https://blog.lightspin.io/aws-rds-critical-security-vulnerability
Bug-Bounty/Hacking Diary 4/8/22 - SQL Injection
https://www.jhaddix.com/post/bug-bounty-hacking-diary-4-8-22
jhaddix.com
Bug-Bounty/Hacking Diary 4/8/22 - SQL Injection
Everyone is sick in the house but I had some running scans I needed to check up on.
I found a SQL injection bug on a blog.
Here's how I did it, so you can learn... 👇 Firstly, I ran reconFTW on a set of domains related to the target. I had the main…
Markdown Menace: Discovering an LFI Vulnerability on a Blogging Platform
https://www.akamai.com/blog/security/markdown-menace
Akamai
Markdown Menace: Discovering an LFI Vulnerability on a Blogging Platform
Protecting sensitive information is a recurring and widely known concern in the security community. As researchers, we know all too well how information can be used maliciously (I mean, come on … it’s our job). Considering the size of the threat vector that…
RCE via WikiCloth markdown rendering if the rubyluabridge gem is installed
https://hackerone.com/reports/1401444
HackerOne
GitLab disclosed on HackerOne: RCE via WikiCloth markdown rendering...
### Summary
One of the supported wiki formats is `mediawiki` which is rendered by `WikiCloth` via GitLab...
Bug Bytes #167 – AWS RDS Local File Read & Are you making these learning mistakes or misusing Burp’s predefined lists?
https://blog.intigriti.com/2022/04/13/bug-bytes-167-aws-rds-local-file-read-are-you-making-these-learning-mistakes-or-misusing-burps-predefined-lists/
Intigriti
Bug Bytes #167 - AWS RDS Local File Read & Are you making these learning mistakes or misusing Burp's predefined lists?
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comp...