Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Cloudflare Image Optimization Proxy ALLOWS SUBDOMAIN REDIRECTS via onerror attribute injection
https://www.youtube.com/watch?v=x41UC8KQNhQ
NahamCon 2024: Workshops
https://www.youtube.com/watch?v=MYsUhAgSgwc
What is vulnerability management? And how can ProjectDiscovery help?
https://blog.projectdiscovery.io/what-is-vulnerability-management/
Recon Workflows with Dorki's API Guide
https://blog.dorki.io/comprehensive-guide-to-recon-workflows-with-dorkis-api
Swagger-UI XSS Leading to Account Takeover on Crypto Exchange
https://scr1pty.medium.com/how-i-found-xss-in-swagger-ui-leading-to-account-takeover-on-bug-bounty-8d419c6b95d5
Innovation through collaboration: the mutual benefits of bug bounty programs
https://blog.intigriti.com/2024/05/22/mutual-benefits-bug-bounty-programs/
Initiating SAP Penetration Testing
https://redrays.io/blog/pentest-sap-systems/
Hacking WordPress Sites for up to $10,000!
https://www.youtube.com/watch?v=bX5ZnNgmegY
Discovering a $5000 RCE via Dependency Confusion Vulnerability
https://nvk0x.medium.com/discovering-a-5000-rce-via-dependency-confusion-vulnerability-6b0c08ecd5de
Bypassed the OTP verification process using “Turbo Intruder” Extension.
https://xamiron.medium.com/bypassed-the-otp-verification-process-using-turbo-intruder-extension-2f56ac3d400d
SOC 2 and Pentesting: What You Need to Know
https://www.hackerone.com/security-compliance/soc-2-pentesting
GitHub - kevin-mizu/domloggerpp
https://github.com/kevin-mizu/domloggerpp
How I got an High IDOR + PII in few minutes. Bounty: €500
https://medium.com/@ivoaabreu/how-i-got-an-high-idor-pii-in-few-minutes-bounty-500-88833b6e1807
Send()-ing Myself Belated Christmas Gifts - GitHub.com's Environment Variables & GHES Shell
https://starlabs.sg/blog/2024/04-sending-myself-github-com-environment-variables-and-ghes-shell/
How to Become a Smart Contract Auditor
https://www.cyfrin.io/blog/how-to-become-a-smart-contract-auditor
GitHub - kiber-io/apkd: APK downloader from few sources
https://github.com/kiber-io/apkd
Reshaper - The guide to the ultimate Burp plugin for advanced shenanigans | Shelltrail - Swedish offensive security experts
https://www.shelltrail.com/research/reshaper-the-guide-to-ultimate-burp-plugin-for-advanced-shenanigans/
Authentication Bypass due to Sensitive Data Exposure in Local Storage
https://medium.com/@kritikasingh06/authentication-bypass-due-to-sensitive-data-exposure-in-local-storage-8a706c798800
Getting XXE in Web Browsers using ChatGPT
https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
Optimizing Time-Based SQL Injection Detection
https://bountysecurity.ai/blogs/news/optimizing-time-based-sql-injection-detection
Hack My Career: Meet Frances H
https://www.hackerone.com/culture-and-talent/hack-my-career-meet-frances-h
Abusing url handling in iTerm2 and Hyper for code execution
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
Want to find new vulnerabilities every week?
Join the Patchstack #bugbounty program where you can report vulnerabilities in more than 60,000 #WordPress plugins: https://discord.gg/FS6b9ghzU3
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
Secret Web Hacking Knowledge: CTF Authors Hate These Simple Tricks - Philippe Dourassov
https://youtu.be/Sm4G6cAHjWM?si=Uixb5nzXxyIxUPlp
254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages?
https://dayzerosec.com/podcast/254.html
Exploiting CVE-2024-32002: RCE via git clone
https://amalmurali.me/posts/git-rce/
How to Become a Smart Contract Auditor
https://medium.com/cyfrin/how-to-become-a-smart-contract-auditor-0180ca002e4e
Fuzzing Android binaries using AFL++ Frida Mode
https://valsamaras.medium.com/fuzzing-android-binaries-using-afl-frida-mode-57a49cf2ca43
The Hacker's Mind - Recon Mind Map
https://medium.com/@tamhacker1/the-hackers-mind-recon-mind-map-39d14e3750fb