Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Getting Started with Exploit Development
https://dayzerosec.com/blog/2024/07/11/getting-started-2024.html
A Race to the Bottom - Database Transactions Undermining Your AppSec · Doyensec's Blog
https://blog.doyensec.com/2024/07/11/database-race-conditions.html
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem - Lupin & Holmes
https://www.landh.tech/blog/20240603-npm-cache-poisoning/
Enhancing Asset Discovery: ProjectDiscovery Cloud Platform v0.8.8
https://blog.projectdiscovery.io/pdcp-0-8-8/
Live Recon: Hacking With STOK
https://www.youtube.com/watch?v=-U1yTtCsnZY
HackerOne Company Values Matter: Win as a Team
https://www.hackerone.com/culture-and-talent/hackerone-company-values-matter-win-team
Live Recon: Hacking Tinder's Bug Bounty Program (with @Rhynorater)
https://www.youtube.com/watch?v=IWIchfPJUGo
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough | Oligo Security
https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server
Why I Keep a Brag Document — and How It Can Help You
https://www.hackerone.com/engineering/brag-document
https://medium.com/@gguzelkokar.mdbf15/from-long-term-hacking-to-instant-rewards-finding-sqli-in-3-minutes-worth-3125-ac36c6e950bf
*Rerun* of The OG Bug Bounty King - Frans Rosen (Ep. 75)
https://www.youtube.com/watch?v=Idx2Fy2GTjE
https://medium.com/@kf106/the-problem-with-bug-bounties-0c5d956411d8
Hello community! 👋
🚀 We are creating something new. We are looking for a full-stack or backend developer to join the team.
💎We want you to be the technical person of the team, able to develop the new ideas and integrations we need.
Currently, we don't have a big budget. We offer a place on the team and a share of the profits.
📧 More info DM or hello@thebugbountyhunter.com
Thank you!
On Listening
https://www.hackerone.com/engineering/on-listening
Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF · Doyensec's Blog
https://blog.doyensec.com/2024/07/02/cspt2csrf.html
NPX Package Manager Confusion with Lupin!
https://www.youtube.com/watch?v=uUcSCA2q9OA
[For beginners] Introduction to Android Pentesting
https://owlhacku.com/introduction-to-android-pentesting/
Chaining Three Bugs to Access All Your ServiceNow Data
https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
plORMbing your Prisma ORM with Time-based Attacks
https://www.elttam.com/blog/plorming-your-primsa-orm/
Fickle PDFs: exploiting browser rendering discrepancies
https://portswigger.net/research/fickle-pdfs-exploiting-browser-rendering-discrepancies
Pwn2Own: WAN-to-LAN Exploit Showcase
https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
GitHub - PhonePe/mantis: Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
https://github.com/PhonePe/mantis
Live Recon: Hacking Dell's Bug Bounty Program
https://www.youtube.com/watch?v=9mdLNRD0IEI
https://medium.com/@zack0x01_/how-ive-found-idor-xss-all-users-account-takeover-a49d59cf5108
I Suggest You Take a Nap
https://www.hackerone.com/engineering/take-a-nap
Cross Site Scripting in TCL website
https://pankajupadhyay.in/2024/07/04/addressing-xss-vulnerabilities-a-case-study-with-tcl/
Hunting Bugs for RE Hunter 350 worth $2850
https://vijetareigns.medium.com/hunting-bugs-for-re-hunter-350-81338c4ebf20
A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA
https://portswigger.net/research/a-hacking-hat-trick-previewing-three-portswigger-research-publications-coming-to-def-con-amp-black-hat-usa
June 2024 Newsletter
https://blog.projectdiscovery.io/newsletter-june-2024/
You can’t always win racing the (key)cloak
https://www.cyberark.com/resources/threat-research-blog/you-cant-always-win-racing-the-keycloak