43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
The Top 10 Data Breaches of 2024
https://www.intigriti.com/blog/business-insights/the-top-10-data-breaches-of-2024
How I Discovered Private Programs and New Programs Set to Launch on HackerOne
hossam_hamada/how-i-discovered-private-programs-and-new-programs-set-to-launch-on-hackerone-a85117a70d7b" rel="nofollow">https://medium.com/@hossam_hamada/how-i-discovered-private-programs-and-new-programs-set-to-launch-on-hackerone-a85117a70d7b
Pentesting for Internal Networks
https://www.hackerone.com/penetration-testing/internal-network-pentests
Testing JavaScript files for bug bounty hunters
https://www.intigriti.com/researchers/blog/hacking-tools/testing-javascript-files-for-bug-bounty-hunters
CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal
https://www.partywave.site/show/research/CVE-2024-44825%20-%20Invesalius%20Arbitrary%20File%20Write%20and%20Directory%20Traversal
Latest ReconFTW Release v2.9.1!
https://github.com/six2dez/reconftw/releases/tag/v2.9.1
GitHub - gwen001/gitlab-subdomains: Find subdomains on GitLab.
https://github.com/gwen001/gitlab-subdomains
$750 Domain Hijacking Vulnerability
1-day/750-domain-hijacking-vulnerability-f6e4b4445711" rel="nofollow">https://medium.com/@1-day/750-domain-hijacking-vulnerability-f6e4b4445711
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
https://eaton-works.com/2024/12/19/mcdelivery-india-hack/
How an obscure PHP footgun led to RCE in Craft CMS
https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
How to Write Great Bug Bounty & Pentest Report (Proof of Concepts)
https://www.youtube.com/watch?v=qR_OQsRFd7g
How To Find Broken Access Control Vulnerabilities in the Wild
https://www.hackerone.com/community/find-broken-access-control-vulnerabilities
Authentication Bypass Vulnerability in Philips IntelliSpace Cardiovascular
https://outurnate.com/authentication-bypass-vulnerability-in-philips-intellispace-cardiovascular
🎅 revisited patchstackapp HQ. He needs you to find more difficult vulns in #WordPress plugins and themes.
📅 When: 17-23 Dec
🛡 What: SQLi, PHP Object Injection, Insecure Deserialization
📊 CVSS: 7.0+
📈 Installs: 50+
🎁 $4700 bounty pool
Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE | Karma(In)Security
https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875
The Recruitment Process: What to Expect When You Apply at HackerOne
https://www.hackerone.com/culture-and-talent/recruitment-process-what-expect-when-you-apply-hackerone
Release v1.1.0 · devploit/nomore403
https://github.com/devploit/nomore403/releases/tag/v1.1.0
PentesterLab Blog: Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
https://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150
Intigriti 2024 – A year in review
https://www.intigriti.com/blog/news/intigriti-2024-a-year-in-review
Blind XXE with OOB Interaction via XML Parameter Entities
https://medium.com/the-first-digit/blind-xxe-with-oob-interaction-via-xml-parameter-entities-97244bf2b85e
Triage: The not-so-secret hack to impactful bug bounty programs
https://www.intigriti.com/blog/business-insights/triage-the-not-so-secret-hack-to-impactful-bug-bounty-programs
How an IDOR Vulnerability Led to User Profile Modification
https://www.hackerone.com/vulnerability-management/idor-vulnerability-deep-dive
Team 82 Sharon Brizinov - The Live Hacking Polymath (Ep. 98)
https://www.youtube.com/watch?v=CP3FxNPXh0g
Limitations Are Just An Illusion: Brumens on Leveraging Advanced SSTI Exploitation to Achieve RCE
https://www.youtube.com/watch?v=FVm6wYc1S6A
Exploiting Reflected Input Via the Range Header
https://attackshipsonfi.re/p/exploiting-reflected-input-via-the
Insecure file uploads: A complete guide to finding advanced file upload vulnerabilities
https://www.intigriti.com/researchers/blog/hacking-tools/insecure-file-uploads-a-complete-guide-to-finding-advanced-file-upload-vulnerabilities
267 - Buggy Operating Systems Are Coming to Town
https://dayzerosec.com/podcast/267.html
Exposing Facebook’s Hidden Goldmine: Creators’ Private Data at Risk
gtm0x01/exposing-facebooks-hidden-goldmine-creators-private-data-at-risk-01317f3f0031" rel="nofollow">https://medium.com/@gtm0x01/exposing-facebooks-hidden-goldmine-creators-private-data-at-risk-01317f3f0031
The Full Story of CVE-2024-6386: Remote Code Execution in WPML - WPSec
https://blog.wpsec.com/the-full-story-of-cve-2024-6386-remote-code-execution-in-wpml/
YesWeHack Customer Story: Ferrero, Italy's sweet-packaged food giant
https://www.youtube.com/watch?v=JwZ6KevYJHc