Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Follow-up or Fail
https://www.hackerone.com/engineering/follow-up-or-fail
Exploiting ML models with pickle file attacks: Part 1
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/
HackerNight 2024: my first live hacking event
https://hackcommander.github.io/posts/2024/06/10/hackernight-2024-my-first-live-hacking-event/#
Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces – Horizon3.ai
https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/
Day in the Life of an Ethical Hacker/Penetration Tester
https://www.youtube.com/watch?v=PNcqD52hs7Y
HackerOne Invests in Leaders with New Development Program
https://www.hackerone.com/culture-and-talent/hackerone-invests-leaders-new-development-program
POC — CVE-2024–4956 -Unauthenticated Path Traversal
https://medium.com/@verylazytech/poc-cve-2024-4956-unauthenticated-path-traversal-f24b1a595e0e
#NahamCon2024: .js Files Are Your Friends | @zseano
https://www.youtube.com/watch?v=fQoxjBwQZUA
10 years of the GitHub Security Bug Bounty Program
https://github.blog/2024-06-11-10-years-of-the-github-security-bug-bounty-program/
JS for Bug Bounties 2.0 Extreme Edition 2024
https://medium.com/@kongsec/js-for-bug-bounties-2-0-extreme-edition-2024-f167fa48276a
This 'Realistic' Web CTF Was Impossible!
https://www.youtube.com/watch?v=E2p1iLIR9Cw
HackerOne’s Spring Day of Service
https://www.hackerone.com/culture-and-talent/hackerones-spring-day-service
StarkeBlog - Thecus NAS Firmware Decryption
https://starkeblog.com/cryptography/firmware/2024/06/11/thecus-nas-firmware-decrypt.html
#NahamCon2024: OAuth Secret | @BugBountyReportsExplained
https://www.youtube.com/watch?v=n9x7_J_a_7Q
#NahamCon2024: Deep Dive Into AWS Instance Metadata | @congon4tor
https://www.youtube.com/watch?v=pa0wYm2sJbs
Exploiting ML models with pickle file attacks: Part 2
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-2/
Time to challenge yourself in the 2024 Google CTF
http://security.googleblog.com/2024/06/time-to-challenge-yourself-in-2024.html
#NahamCon2024: Practical AI for Bounty Hunters | @jhaddix
https://www.youtube.com/watch?v=DqgterfPHzg
StarkeBlog - iGoat Challenge Write up
https://starkeblog.com/ios/appsec/2024/05/22/igoat-swift.html
Baldur
Exploiting embedded mitel phones for unauthenticated remote code execution
https://baldur.dk/blog/embedded-mitel-exploitation.html
Research TLDRs & Smuggling Payloads in Well Known Data Types (Ep. 72)
https://www.youtube.com/watch?v=XLWntUWRj3U
Intigriti Customer Story: Personio
https://www.youtube.com/watch?v=ln80hJv0mqg
Bug bounty vs penetration testing: The costs, scope, and methodologies
https://blog.intigriti.com/2024/06/12/penetration-testing-vs-bug-bounty-programs/
CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
GitHub - seed1337/CVE-2024-24919-POC
https://github.com/seed1337/CVE-2024-24919-POC
onwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
https://portswigger.net/research/new-exotic-events-in-the-xss-cheat-sheet
1250 $ For 3 Stored XSS AND PII Disclosure , Let’s See How FIS Scammed Me AND Bugcrowd Covered It Up !
https://medium.com/@0xAwali/1250-for-3-stored-xss-and-pii-disclosure-lets-see-how-fis-scammed-me-and-bugcrowd-covered-it-8561d9ce57b5
Bypassing Veeam Authentication CVE-2024-29849
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
https://www.offensity.com/en/blog/uncovering-a-critical-vulnerability-in-authentiks-pkce-implementation-cve-2023-48228/
Android (on device) fuzzing using AFL++ Frida Mode
Blog: https://knifecoat.com/Posts/Fuzzing+Redux%2C+leveraging+AFL%2B%2B+Frida-Mode+on+Android+native+libraries
AFL++ Frida Mode Build: https://github.com/FuzzySecurity/afl-frida-build