How to Remember Everything : Using Roam for Bug Bounty Notes
https://medium.com/@bonjarber/how-to-remember-everything-3cf29540b5d5
Medium
Web Application’s Vulnerabilities and Code patches.(Draft:1)
https://www.linkedin.com/pulse/web-applications-vulnerabilities-code-patchesdraft1-mohit-dabas-/
LinkedIn
The following articles demonstrate what went wrong in the web applications' code and how they were fixed. Everything is code, so enjoy it! CVE-2019-10062 PluckCMS 4.
Server Side Request Forgery mitigation bypass https://hackerone.com/reports/632101
HackerOne
GitLab disclosed on HackerOne: Server Side Request Forgery...
### Summary
This vulnerability allows an attacker to send arbitrary requests to the local network which hosts GitLab and read the response. This is possible due to flawed DNS rebinding protection.
The...
Collection Of Bug Bounty Tip-Will Be updated daily
https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
Medium
Whenever I look for bug bounty tips and tricks I wish to make a note of them; the following were the bug bounty tips offered by experts at…
Everything You Need to Know About IDOR (Insecure Direct Object References)
https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
Medium
I’ve started a new journey in these quarantine times and decided to investigate the OWASP Top 10 and write about it in as much detail as…
Abusing HTTP Path Normalization and Cache Poisoning to steal Rocket League accounts
https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts/
1. iOS Application Pentesting Blog By Sunil Kande
https://techfrendz007.blogspot.com/2020/01/application-pentesting-series.html
Blogspot
iOS Application Pentesting Blog 1. What is iOS 2. iOS Architecture 3. What is Jailbreak 4. How to Jailbreak 5. How to ...
3. Let's Jailbreak iPhone/iPad https://techfrendz007.blogspot.com/2020/02/3-lets-jailbreak-iphoneipad.html
4. Setting Up Frida + Objection + Firebase Scanner & See How to Dump an IPA File From the iDevice to Perform Reverse Engineering & Static Analysis With the MobSF Tool https://techfrendz007.blogspot.com/2020/04/4-setting-up-fridaobjectionfirebase.html
DOM based open redirect to the leak of a JWT token
https://medium.com/@adam.adreleve/dom-based-open-redirect-to-the-leak-of-a-jwt-token-1b1dd2ced9a1
Medium
DOM-based open redirects can be underestimated on pentests/bug bounty programs. However, depending on the application’s context, this kind…
LevelUp 0x06 - Hacking. The New Normal. May 9, 2020 https://www.bugcrowd.com/resources/levelup0x06/
Scoring $200K at the hacking event that almost didn’t happen https://www.protocol.com/hackerone-bug-bounty-virtual-verizon
Protocol
How HackerOne and Verizon Media pulled off a virtual event for 50 hackers from 13 countries.
From Bug Bounty Hunter, to Engineer, and Beyond https://whitton.io/articles/from-researcher-to-engineer-and-beyond/
Jack
Bug Bounty & Application Security
DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
https://github.com/hahwul/dalfox
GitHub
GitHub - hahwul/dalfox: 🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
April 2020 OWASP Ottawa Virtual Meetup https://www.youtube.com/watch?v=43jFx5tA1xs
YouTube
OWASP Ottawa April 2020: Purple is the new Black/Hacking IoT devices over UPnP
Purple is the new Black: Modern Approaches to Application Security
Abstract:
Gone are the days when breaches were rare and security could safely be put low on the priority list; product security is now a customer demand and cyber crime has reached epic…