Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
GitHub - trap-bytes/gourlex: Gourlex is a simple tool that can be used to extract URLs and paths from web pages.
https://github.com/trap-bytes/gourlex
Discord channel to monitor the Blink Dev Google Group!
https://www.youtube.com/watch?v=9pPHDgonxWo
In Recon: If You're Not First You're Last
https://www.youtube.com/watch?v=Azn0twesqdA
Your Google Account allows you to create passkeys on your phone, computer and security keys
http://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
One month of Burp Suite in the Cloud - how are AppSec teams using it?
https://portswigger.net/blog/one-month-of-burp-suite-in-the-cloud-how-are-appsec-teams-using-it
FAQ: Everything Hackers Need to Know About the 2024 Ambassador World Cup
https://www.hackerone.com/hackerone-community-blog/awc-faq
253 - A Retrospective and Future Look Into DAY[0]
https://dayzerosec.com/podcast/253.html
How I got $250 for IDOR via Business Logic Error
https://medium.com/@aryamanav.028/how-i-got-250-for-idor-via-business-logic-error-f3ba502baa5e
How we fought bad apps and bad actors in 2023
http://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html
GitHub - ivision-research/burpscript
https://github.com/ivision-research/burpscript
Getting Started on Personal Development
https://www.hackerone.com/engineering/personal-development
CodeQL zero to hero part 3: Security research with CodeQL
https://github.blog/2024-04-29-codeql-zero-to-hero-part-3-security-research-with-codeql/
GitHub - usebruno/bruno: Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)
https://github.com/usebruno/bruno
Uncovering potential threats to your web application by leveraging security reports
http://security.googleblog.com/2024/04/uncovering-potential-threats-to-your.html
Real World GitLab Account Take Over
https://medium.com/@red.whisperer/real-world-gitlab-account-take-over-b2e9896a1835
AI Interaction Hacks: Tips and Tricks for Crafting Effective Prompts
https://www.hackerone.com/engineering/ai-prompting-tips
GitHub - ax/apk.sh: apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.
https://github.com/ax/apk.sh
Service-level agreements in cybersecurity: Everything you need to know
https://blog.intigriti.com/2024/05/08/service-level-agreements-in-cybersecurity-everything-you-need-to-know/
Hacking Apple - SQL Injection to Remote Code Execution
https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/
2FA bypass that made me $______
https://imwaiting18.medium.com/2fa-bypass-that-made-me-6d32d3b762b4
Detecting browser data theft using Windows Event Logs
http://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html
April 2024 Newsletter
https://blog.projectdiscovery.io/newsletter-april-2024/
Devfile file write vulnerability in GitLab - GitLab Security Tech Notes
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/security-research-tech-notes/devfile/
Flutter Windows Thick Client SSL Pinning Bypass
https://blog.souravkalal.tech/flutter-windows-thick-client-ssl-pinning-bypass-492389ae1218
LLM Pentest: Leveraging Agent Integration For RCE
https://www.blazeinfosec.com/post/llm-pentest-agent-hacking/
Accelerating incident response using generative AI
http://security.googleblog.com/2024/04/accelerating-incident-response-using.html
GitHub - RevoltSecurities/Subdominator: SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
https://github.com/RevoltSecurities/Subdominator
Latest Nuclei Release v3.2.6!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.2.6
DNS Resolutions: Identifying Live Targets : Vertical RECON.
https://hacktivistattacker.medium.com/dns-resolutions-identifying-live-targets-vertical-recon-2a2aed49bd6b
GitHub - usdAG/FlowMate: FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application and matches their occurrences in the responses.
https://github.com/usdAG/FlowMate