Want to become a PRO bug bounty hunter with core review skills? Look into Patchstack: https://discord.gg/FS6b9ghzU3
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
watchTowr Labs - Blog
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
Welcome to April 2024, again. We’re back, again.
Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.
We’ve seen all the…
Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.
We’ve seen all the…
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-1/index.html
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-1/index.html
FrogSec's Research Blog
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1
A fascinating case study where we escalated a seemingly simple DOM XSS into a sophisticated 1-click Account Takeover.
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 2
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-2/
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-2/
FrogSec's Research Blog
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 2
This is the second part of our blog series on How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000
Forwarded from Android Security & Malware
Advanced Frida Usage Part 9 – Memory Scanning in Android
https://8ksec.io/advanced-frida-usage-part-9-memory-scanning-in-android/
https://8ksec.io/advanced-frida-usage-part-9-memory-scanning-in-android/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 9 – Memory Scanning in Android - 8kSec
In part-9 of Advanced Frida Usage, learn about API provided by frida called Memory.scan() which can help you to scan bytes from memory & help you to patch them.
We Hacked Google A.I. for $50,000 - Lupin & Holmes
https://www.landh.tech/blog/20240304-google-hack-50000/
https://www.landh.tech/blog/20240304-google-hack-50000/
www.landh.tech
We Hacked Google A.I. for $50,000 - Lupin & Holmes
How I Exploited an Auth0 Misconfiguration to Bypass Login Restrictions
https://amjadali110.medium.com/how-i-exploited-an-auth0-misconfiguration-to-bypass-login-restrictions-c5d8c20d5505
https://amjadali110.medium.com/how-i-exploited-an-auth0-misconfiguration-to-bypass-login-restrictions-c5d8c20d5505
Medium
How I Exploited an Auth0 Misconfiguration to Bypass Login Restrictions
Auth0 Misconfiguration: Bypassed Login Restrictions. #BugBounty #Security
The truth about ethical hackers: Are they trustworthy?
https://blog.intigriti.com/2024/04/29/the-truth-about-ethical-hackers-are-they-trustworthy/
https://blog.intigriti.com/2024/04/29/the-truth-about-ethical-hackers-are-they-trustworthy/
Intigriti
The truth about ethical hackers: Are they trustworthy? - Intigriti
To outmanoeuvre cybercriminals, the key is to beat them to the punch by working with ethical hackers. However, a question often arises: Can we trust ethical hackers? Especially when we don’t know them personally? Through platforms such as Intigriti, the…
How 18-Year-Old Me Discovered a VirtualBox VM Escape Vulnerability
https://j0nathanj.github.io/Dusting-off-the-VM-Escape
https://j0nathanj.github.io/Dusting-off-the-VM-Escape
Jonathan Jacobi’s Blog
How 18-Year-Old Me Discovered a VirtualBox VM Escape Vulnerability
VirtualBox VM Escape Vulnerability - A Research Walkthrough
The Bug Bounty Hunter
📝 Survey: Be Part of Our 2024 Bug Bounty Hunter Report Hello Hackers! 👋 Help us better understand the 🐛 "The Bug Bounty Hunter Community" by completing our annual survey! At The Bug Bounty Hunter, we're committed to fostering a vibrant bug bounty community…
Hello Hackers 👋!
We're thrilled to announce that we've already selected the three lucky winners of our prizes. But before we dive into that, we want to extend a heartfelt thank you to each and every one of you for taking the time to participate in our annual survey. Your valuable feedback is crucial to us as it helps us better understand the needs of our community and provides us with insights to continue improving and adding value.
🍀 Congratulations to all three of you! We'll be reaching out to you shortly to arrange the delivery of your well-deserved prizes.
It is the public URL https://app.randompicker.com/protocol/835172x45843
Once again, thank you all for your participation and for helping us make the Bug Bounty Hunter community an even better place
Let's keep moving forward together! 🚀
Happy Hunting
The Bug Bounty Hunter Team
We're thrilled to announce that we've already selected the three lucky winners of our prizes. But before we dive into that, we want to extend a heartfelt thank you to each and every one of you for taking the time to participate in our annual survey. Your valuable feedback is crucial to us as it helps us better understand the needs of our community and provides us with insights to continue improving and adding value.
🍀 Congratulations to all three of you! We'll be reaching out to you shortly to arrange the delivery of your well-deserved prizes.
It is the public URL https://app.randompicker.com/protocol/835172x45843
Once again, thank you all for your participation and for helping us make the Bug Bounty Hunter community an even better place
Let's keep moving forward together! 🚀
Happy Hunting
The Bug Bounty Hunter Team
RandomPicker.com
Random Picker Record: 2024 Bug Bounty Hunter Report (835172)
Click to see the public record of the drawing conducted by RandomPicker.
Popping Teslas with Secondary PT and JavaScript's intparse() - just Sam Curry shit.
https://www.youtube.com/watch?v=CfwiQdlvRWk
https://www.youtube.com/watch?v=CfwiQdlvRWk
YouTube
Popping Teslas with Secondary PT and JavaScript's intparse() - just Sam Curry shit.
How Sam Curry gained access to someone else's Tesla via an integer parsing bug!
Pre-Pentest Checklist Part 2: Essential Questions to Answer Before Your Next Pentest
https://www.hackerone.com/penetration-testing/pre-pentest-checklist-part2
https://www.hackerone.com/penetration-testing/pre-pentest-checklist-part2
HackerOne
Pre-Pentest Checklist Part 2: Essential Questions to Answer Before Your Next Pentest
Part 2 of our pre-pentest checklist answers 9 questions about the "when," "who," and "how" of pentest preparation.
Forwarded from Android Security & Malware
20 Security Issues Found in Xiaomi Devices
https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/
https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/
News, Techniques & Guides
20 Security Issues Found in Xiaomi Devices
How to Improve Your Android & iOS Static Analysis with Nuclei!
https://medium.com/@justmobilesec/how-to-improve-your-android-ios-static-analysis-with-nuclei-d44f3daa9cee
https://medium.com/@justmobilesec/how-to-improve-your-android-ios-static-analysis-with-nuclei-d44f3daa9cee
Medium
How to Improve Your Android & iOS Static Analysis with Nuclei!
TL;DR: In this post, we will cover how to statically analyze Android and iOS applications using Nuclei. We’ll start:
GitHub - usdAG/FlowMate: FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses.
https://github.com/usdAG/FlowMate
https://github.com/usdAG/FlowMate
GitHub
GitHub - usdAG/FlowMate: FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters…
FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses. - usdAG/FlowMate