43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Why Can't You Fix This Bug Faster?
https://maxwelldulin.com/BlogPost/Why-Can't-You-Fix-This-Bug-Faster
🎅 visited @patchstackapp and has a quest for you to find vulns in #WordPress plugins and themes.
📅 When: 10-17 Dec
🛡️ What: XSS, CSRF, Arbitrary file download, privilege escalation, sensitive data exposure
📊 CVSS: 6.4+
📈 Installs: 50+
Learn more at https://patchstack.com/bug-bounty/
Google Cloud expands vulnerability detection for Artifact Registry using OSV
http://security.googleblog.com/2024/12/google-cloud-expands-vulnerability.html
How I Found a Critical Vulnerability and Earned $4,000 in Bug Bounty Hunting
zack0x01_/how-i-found-a-critical-vulnerability-and-earned-4-000-in-bug-bounty-hunting-2ce4a1227fdc" rel="nofollow">https://medium.com/@zack0x01_/how-i-found-a-critical-vulnerability-and-earned-4-000-in-bug-bounty-hunting-2ce4a1227fdc
Privilege Escalation via Impersonation Features feature
0x_xnum/privilege-escalation-via-impersonation-features-feature-c49cf3a3dc03" rel="nofollow">https://medium.com/@0x_xnum/privilege-escalation-via-impersonation-features-feature-c49cf3a3dc03
The Ruby on Rails _json Juggling Attack / nastystereo.com
https://nastystereo.com/security/rails-_json-juggling-attack.html
Announcing the launch of Vanir: Open-source Security Patch Validation
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
How to Accelerate Vulnerability Remediation with Hai
https://www.hackerone.com/ai/accelerate-vulnerability-remediation-with-hai
Broken authentication: 7 Advanced ways of bypassing insecure 2-FA implementations
https://blog.intigriti.com/hacking-tools/broken-authentication-7-advanced-ways-of-bypassing-insecure-2-fa-implementations
Announcing the launch of Vanir: Open-source Security Patch Validation
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html
Bypassing WAFs with the phantom $Version cookie
https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
Announcing the launch of Vanir: Open-source Security Patch Validation
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html
The AI-Powered 403 Bypasser: Caido Plugin!
https://www.youtube.com/watch?v=LAn3LU1s0Dc
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Hacking AI Applications: From 3D Printing to Remote Code Execution
https://www.securityrunners.io/post/hacking-ai-applications
How to Streamline Your SDLC With Hai
https://www.hackerone.com/ai/streamline-sdlc-with-hai
266 - Machine Learning Attacks and Tricky Null Bytes
https://dayzerosec.com/podcast/266.html
PentesterLab Blog: How to Securely Design Your JWT Library
https://pentesterlab.com/blog/secure-jwt-library-design
Performing Android Static Analysis 101-A Complete Guide for Beginners - Laburity
https://laburity.com/performing-android-static-analysis-101-a-complete-guide-for-beginners/
Understanding ⛔️403 Bypasses⛔️ (With Examples)
https://www.youtube.com/watch?v=PvpXRBor-Jw
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
From XSS Vulnerability to Full Admin Access
https://haymiz.dev/security/2024/11/25/stored-xss-takeover/
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Banco Galicia x YesWeHack: Live Bug Bounty highlights from Ekoparty, Argentina
https://www.youtube.com/watch?v=NknCHX8Hbqg
Automatically decode Android apps and searche for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Introducing HackerOne Automations
https://www.hackerone.com/vulnerability-management/introducing-hackerone-automations
10 RXSS on HackerOne VDPs
https://medium.com/infosecmatrix/10-rxss-on-hackerone-vdps-5162d3ee42af
OAuth Non-Happy Path to ATO
https://blog.voorivex.team/oauth-non-happy-path-to-ato
The cyber threat landscape part 5: Staying safe with multi-layered defense
https://blog.intigriti.com/business-insights/the-cyber-threat-landscape-part-5-staying-safe-with-multi-layered-defense