subzuf
subzuf is a subdomain brute-force fuzzer coupled with an immensly simple but effective DNS reponse-guided algorithm.
https://github.com/elceef/subzuf
subzuf is a subdomain brute-force fuzzer coupled with an immensly simple but effective DNS reponse-guided algorithm.
https://github.com/elceef/subzuf
GitHub
GitHub - elceef/subzuf: a smart DNS response-guided subdomain fuzzer
a smart DNS response-guided subdomain fuzzer. Contribute to elceef/subzuf development by creating an account on GitHub.
👍2
Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
PortSwigger Research
Hijacking service workers via DOM Clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
👍1
Computer Security Day 2022 – Cybersecurity tips to help keep you safe online
https://blog.intigriti.com/2022/11/30/computer-security-day-2022-cybersecurity-tips-to-help-keep-you-safe-online/
https://blog.intigriti.com/2022/11/30/computer-security-day-2022-cybersecurity-tips-to-help-keep-you-safe-online/
Advanced SQL Injection Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
A cheat sheet that contains advanced queries for SQL Injection of all types.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet
GitHub
GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
A cheat sheet that contains advanced queries for SQL Injection of all types. - kleiton0x00/Advanced-SQL-Injection-Cheatsheet
👍5
Black Hat USA 2022 Conference Recordings
https://youtube.com/playlist?list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq
https://youtube.com/playlist?list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq
YouTube
Black Hat USA 2022
Share your videos with friends, family, and the world
Bug Bytes #183 – Learning, reflecting and hacking
https://blog.intigriti.com/2022/11/30/bug-bytes-183-learning-reflecting-and-hacking/
https://blog.intigriti.com/2022/11/30/bug-bytes-183-learning-reflecting-and-hacking/
Intigriti
Bug Bytes #183 - Learning, reflecting and hacking
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD . Every week, she keeps us up to date with a comprehensive list of write-up...
👍3
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql
https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql
wiz.io
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access…
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation
👍1
XSS on account.leagueoflegends.com via easyXDM [2016]
https://medium.com/@bored.engineer/xss-on-account-leagueoflegends-com-via-easyxdm-2016-75bcf9d582b5
https://medium.com/@bored.engineer/xss-on-account-leagueoflegends-com-via-easyxdm-2016-75bcf9d582b5
Medium
Luke Young – Medium
Read writing from Luke Young on Medium. I find bugs and exploit them. Sometimes for money, mainly for T-Shirts. https://www.linkedin.com/in/bored-engineer/.
Windows Exploitation Challenge – Blue Frost Security 2022
https://voidsec.com/windows-exploitation-challenge-blue-frost-security-2022/
https://voidsec.com/windows-exploitation-challenge-blue-frost-security-2022/
VoidSec
Windows Exploitation Challenge - Blue Frost Security 2022 (Ekoparty) - VoidSec
Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge, is one of a kind in CTFs, and since I’ve found the challenge interesting and very clever, I’ve decided to post about my reverse…
👍6🔥2
NVIDIA Fixes 25 GPU Display Driver Vulnerabilities
https://www.lansweeper.com/vulnerability/nvidia-fixes-25-gpu-display-driver-vulnerabilities/
https://www.lansweeper.com/vulnerability/nvidia-fixes-25-gpu-display-driver-vulnerabilities/
Lansweeper
NVIDIA Fixes 25 GPU Display Driver Vulnerabilities - Lansweeper
NVIDIA released a security update fixing 25 GPU display driver vulnerabilities that could lead to code execution, denial of service, and more.
👍2
Pre-Auth RCE with CodeQL in Under 20 Minutes
https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
Frycos Security Diary
Pre-Auth RCE with CodeQL in Under 20 Minutes
This write-up won’t be an intense discussion on security code review techniques this time. We’ll simply let do all the hard work by a third party: CodeQL.
👍2
Account Takeover - Inside The Tenanth
https://shahjerry33.medium.com/account-takeover-inside-the-tenant-6101a3cafbee
https://shahjerry33.medium.com/account-takeover-inside-the-tenant-6101a3cafbee
Medium
Account Takeover - Inside The Tenant
Summary :
A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
https://medium.com/@haroonhameed_76621/a-775-worth-of-cookies-reflected-dom-based-xss-bug-bounty-poc-3e7720c78fbe
https://medium.com/@haroonhameed_76621/a-775-worth-of-cookies-reflected-dom-based-xss-bug-bounty-poc-3e7720c78fbe
Medium
A $$$ worth of cookies! | Reflected DOM-Based XSS | Bug Bounty POC
Hey everyone! This is Haroon Hameed and I’m here to share about my recent finding on Synack Red Team about Reflected DOM-based XSS. In this…
👍5❤1
The most underrated injection of all time — CYPHER INJECTION. How I found and exploited it && 2000$ bounty !
https://medium.com/@marvelmaniac/the-most-underrated-injection-of-all-time-cypher-injection-fa2018ba0de8
https://medium.com/@marvelmaniac/the-most-underrated-injection-of-all-time-cypher-injection-fa2018ba0de8
Medium
The most underrated injection of all time — CYPHER INJECTION. Identification & Exploitation!
This blog explains to you how I found a rare injection bug called cypher injection and how I exploited it.
💩5👍3🔥2😁1
Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames
https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
https://www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.html
Scrawledsecurityblog
Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames
Summary The research for this post was done sometime in January of 2022, I was diagnosed with Cancer in February of 2022, and have been str...
👍3🥰1
Ambassador Spotlight: Emperor
https://www.hackerone.com/hackerone-community-blog/ambassador-spotlight-emperor
https://www.hackerone.com/hackerone-community-blog/ambassador-spotlight-emperor
HackerOne
Ambassador Spotlight: Emperor
Who are you?My name is Raviraj; I'm from Gujarat, India. I go by the handle, Emperor. My handle came from an anime called "Kuruko no Basuke." It references the character Akashi Sejuro's special ability, "Emperor Eye." Hence, giving him the nickname "The emperor"…
💩11👍3
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
Legitsecurity
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
👍3