Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Pattern Scanning Intro (For Game Hacking)
https://medium.com/@MrRipperoni/pattern-scanning-intro-for-game-hacking-b13401b562fb
The critical role of vulnerability disclosure policies (VDP) in cybersecurity
https://blog.intigriti.com/2024/05/28/critical-role-vulnerability-disclosure-policies-vdp-modern-cybersecurity/
Kubernetes — A Journey Has Just Begun
https://www.hackerone.com/engineering/kubernetes
Optimizing Blind SQL Injection Detection with Content-Length Differences
https://bountysecurity.ai/blogs/news/optimizing-blind-sql-injection-detection-with-content-length-differences
Want to become a PRO bug bounty hunter with code review skills? Look into Patchstack: https://discord.gg/FS6b9ghzU3
GitHub - xnl-h4ck3r/XnlReveal: A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.
https://github.com/xnl-h4ck3r/XnlReveal
ManageEngine ADAudit - Reverse engineering Windows RPC to find CVEs - part 1 / RPC | Shelltrail - Swedish offensive security experts
https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/
GitHub - msoedov/agentic_security: Agentic LLM Vulnerability Scanner
https://github.com/msoedov/agentic_security
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Android Pentesting
https://pswalia2u.medium.com/android-pentesting-f277066fed6d
NahamCon 2024 Workshops: SQL Injection Tips & Tricks
https://www.youtube.com/watch?v=MYsUhAgSgwc
StarkeBlog - iGoat Challenge Write up
https://starkeblog.com/ios/appsec/2024/05/22/igoat-swift.html
Latest Nuclei Release v3.2.8!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.2.8
Introducing SignSaboteur: forge signed web tokens with ease
https://portswigger.net/research/introducing-signsaboteur-forge-signed-web-tokens-with-ease
Accelerate Find-to-Fix Cycles With Hai
https://www.hackerone.com/ai/accelerate-find-to-fix-hai
What Is a Prompt Injection Attack?
https://www.youtube.com/watch?v=jrHRe9lSqqA
Bug Bounty Calculator—Crunch the numbers and optimize your program
https://blog.intigriti.com/2024/05/28/bug-bounty-calculator-crunch-the-numbers-and-optimize-your-vdp/
Multiple vulnerabilities in Eclipse ThreadX - hn security
https://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/
A Whistledown Exclusive: Netflix’s Journey to One Million in Bug Bounty and Beyond
https://medium.com/@netflixtechblog/a-whistledown-exclusive-netflixs-journey-to-one-million-in-bug-bounty-and-beyond-9087ffebc3e1
Everyday Ghidra: Symbols — Automatic Symbol Acquisition with Ghidra — Part 2
https://medium.com/@clearbluejar/everyday-ghidra-symbols-automatic-symbol-acquisition-with-ghidra-part-2-bf9033a35b39
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive – Horizon3.ai
https://www.horizon3.ai/attack-research/disclosures/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
#NahamCon2024: Shodan & WAF Evasion Techniques | @godfatherOrwa
https://www.youtube.com/watch?v=wH6FEvmyo4A
#NahamCon2024: Modern WAF Bypass Techniques on Large Attack Surfaces
https://www.youtube.com/watch?v=0OMmWtU2Y_g
On Writing Well as a Software Engineer
https://www.hackerone.com/engineering/writing-tips-software-engineer
Uncovering the Hidden Vulnerability: How I Found an Authentication Bypass on Shopify’s Exchange…
https://medium.com/@niraj1mahajan/uncovering-the-hidden-vulnerability-how-i-found-an-authentication-bypass-on-shopifys-exchange-cc2729ea31a9
evren's blog
https://evren.ninja/langchain-afr-vulnerability.html
NahamCon 2024: Main Track - Hosted by Critical Thinking - Bug Bounty Podcast
https://www.youtube.com/watch?v=76mNNVVBht0
OTP Bypass Technique
https://medium.com/@hrofficial62/otp-bypass-technique-26b01a0ecf9b
Triage: The not-so-secret hack to impactful bug bounty programs
https://blog.intigriti.com/2024/05/23/triage-the-not-so-secret-hack-to-impactful-bug-bounty-programs/
Optimizing Blind SQL Injection Detection with HTTP Status Code Differences
https://bountysecurity.ai/blogs/news/optimizing-blind-sql-injection-detection-with-multi-step-techniques