Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
OTP Bypass through Session Manipulation
https://medium.com/@n4if/otp-bypass-through-session-manipulation-d73deceaa42f
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations | Wiz Blog
https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032
1-click Exploit in South Korea's biggest mobile chat app
https://stulle123.github.io/posts/kakaotalk-account-takeover/
Zip Slip meets Artifactory: A Bug Bounty Story | Karma(In)Security
https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story
HackerOne Live Hacking Event Recap: Tokyo w/ Paypal
https://www.youtube.com/watch?v=qSGzVytzJc4
Staying Safe with Chrome Extensions
http://security.googleblog.com/2024/06/staying-safe-with-chrome-extensions.html
Sandboxed IFrames and WAF Bypasses (Ep. 73)
https://www.youtube.com/watch?v=uHOxsmdsXUA
How I Got My First €€€€ Bounty
https://medium.com/@machiavellli/how-i-got-my-first-bounty-65ad8a1763de
PDCP v0.8.7: Enhanced Team Management, 2FA, and Asset Filtering
https://blog.projectdiscovery.io/enhanced-team-management-2fa-and-asset-filtering/
#NahamCon2024: Sluicing Scripts | @TomNomNomDotCom
https://www.youtube.com/watch?v=6zgMglfSZkI
Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped
https://evanconnelly.github.io/post/ios-oauth/
My Favorite Ethical Hacking Books
https://www.youtube.com/watch?v=SWXDST3arF0
Hunting for Origin IP: A Beginner’s Guide
https://medium.com/@pruthu.raut/hunting-for-origin-ip-a-beginners-guide-70235f3dd415
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
My Favorite API Hacking Vulnerabilities & Tips
https://www.youtube.com/watch?v=3Z2STZGqvc4
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
https://github.blog/2024-06-20-execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/
ISO 27001 and Pentesting: What You Need to Know
https://www.hackerone.com/security-compliance/iso-27001-pentesting
Analysis of CVE-2024-25065: Apache OFBiz Security bypass
https://blog.securelayer7.net/security-bypass-in-apache-ofbiz/
Setting Up an Environment for Web Hacking
https://www.hackerone.com/ethical-hacker/setting-up-web-hacking-environment
ProjectDiscovery achieves SOC 2 Type 2 Certification
https://blog.projectdiscovery.io/projectdiscovery-achieves-soc-2-type-2-certification/
Server Access: Admin Panel and RFU Bypass
https://medium.com/@zvitox/server-access-admin-panel-and-rfu-bypass-45af32057a2d
Extending Burp Suite for fun and profit - The Montoya way - Part 5 - hn security
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-5/
I found and reported two critical bugs to Sei Network concerning their layer-1 blockchain.
https://usmannkhan.com/bug%20reports/2024/06/17/sei-bug-report.html
Join HackerOne’s Ambassador World Cup
https://www.hackerone.com/lhe/join-ambassador-world-cup
Exploiting LLM APIs with Excessive Agency
https://www.youtube.com/watch?v=YqAIvQnUDtM
Introducing HTTPQL: A new query language for hackers
https://blog.caido.io/introducing-httpql
EVALUATING BANKING APPS’ SECURITY AGAINST MOBILE THEFT: A MONZO CASE STUDY
https://fortbridge.co.uk/research/evaluating-security-of-banking-apps-against-mobile-theft-a-monzo-case-study/
Latest Nuclei Release v3.2.9!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.2.9