43961
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
3 ways to get Remote Code Execution in Kafka UI
https://github.blog/2024-07-22-3-ways-to-get-remote-code-execution-in-kafka-ui/
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive
https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885
Exploiting the EvilVideo vulnerability on Telegram
Discovered a 0-day Telegram for Android exploit that allows sending malicious apps disguised as videos
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Discovering an XML File Upload Vulnerability Lead to SSRF: My Bug Hunting Journey
javroot/discovering-an-xml-file-upload-vulnerability-lead-to-ssrf-my-bug-hunting-journey-8e1bac89f60f" rel="nofollow">https://medium.com/@javroot/discovering-an-xml-file-upload-vulnerability-lead-to-ssrf-my-bug-hunting-journey-8e1bac89f60f
I Created a Burp Suite Extension from SCRATCH
https://www.youtube.com/watch?v=9yXQ2UXfH4E
Live Recon: Hacking A Real Company
https://www.youtube.com/watch?v=qlSAaqsBbY8
Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated (Ep.77)
https://www.youtube.com/watch?v=9s0mX1KB-90
L'Oréal x YesWeHack: Live Bug Bounty event at LeHack 2024
https://www.youtube.com/watch?v=wVSZ5lCDyr4
APKscan: Scan for secrets, endpoints, API keys, tokens, credentials in Android apps
https://github.com/LucasFaudman/apkscan
Community-driven PTaaS vs. Automated Pentesting
https://www.hackerone.com/penetration-testing/ptaas-vs-automated-pentesting
XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability | Karma(In)Security
https://karmainsecurity.com/KIS-2024-05
Indirect Prompt Injection
https://www.youtube.com/watch?v=sHs8OZEFrAc
GitHub - exploits-forsale/collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088
https://github.com/exploits-forsale/collateral-damage
What Is a Vulnerability Disclosure Program and Do You Need One?
https://www.hackerone.com/vulnerability-disclosure/what-vulnerability-disclosure-program-and-do-you-need-one
You Can't Spell WebRTC without RCE - Part 1
https://margin.re/2024/07/you-cant-spell-webrtc-without-rce-part-1/
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts | Wiz Blog
https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security
Hacking a 2014 tablet... in 2024!
https://blog.r0rt1z2.com/hacking-a-2014-tablet-in-2024.html
How Hackers Help Jedox Secure Cloud Assets and Stay One Step Ahead
https://www.hackerone.com/customer-stories/how-hackers-help-jedox-secure-cloud-assets-and-stay-one-step-ahead
1000$ IDOR : Unauthorized Project Inclusion in Expense
a13h1/1000-idor-unauthorized-project-inclusion-in-expense-b9ce08b28c71" rel="nofollow">https://medium.com/@a13h1/1000-idor-unauthorized-project-inclusion-in-expense-b9ce08b28c71
Electron JS ASAR Integrity Bypass
https://blog.souravkalal.tech/electron-js-asar-integrity-bypass-431ac4269ed5
Winning Together Through Synergy and Vulnerabilities
https://www.hackerone.com/engineering/winning-together-synergy-vulnerabilities
How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution
mukundbhuva/how-i-hacked-the-dutch-government-exploiting-an-innocent-image-for-remote-code-execution-df1fa936e46a" rel="nofollow">https://medium.com/@mukundbhuva/how-i-hacked-the-dutch-government-exploiting-an-innocent-image-for-remote-code-execution-df1fa936e46a
Latest Nuclei Release v3.3.0!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.0
How to Bypass Golang SSL Verification
https://www.cyberark.com/resources/threat-research-blog/how-to-bypass-golang-ssl-verification
Find XSS on the Fly 🔥( Full guide )
zack0x01_/find-xss-on-the-fly-full-guide-300f07fb86ae" rel="nofollow">https://medium.com/@zack0x01_/find-xss-on-the-fly-full-guide-300f07fb86ae
Pwn2Own: Pivoting from WAN to LAN to Attack a Synology BC500 IP Camera, Part 2
https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera
XBOW finds and exploits vulnerabilities in 75% of 647 renowned web benchmarks. Given a short description of the benchmark, it autonomously pursues high-level goals, executing commands and interpreting their output to achieve exploitation.
https://x.com/Xbow/status/1812853046956962065
Android & iOS mobile security cheatsheets
https://github.com/justmobilesec/Android-iOS-Cheat-Sheet/
How Ethical Hackers Are Securing Elections
https://www.hackerone.com/ethical-hacker/election-security