From Limited file read to full access on Jenkins (CVE-2024-23897)
https://xphantom.nl/posts/crypto-attack-jenkins/
Plug Security Holes in React Apps That Can Lead to API Exploitation
https://thenewstack.io/plug-security-holes-in-react-apps-that-can-lead-to-api-exploitation/
MITMing the Xbox 360 Dashboard for Fun and RCE
https://landaire.net/mitming-the-xbox-360-dashboard-for-rce-and-fun/
Running Nuclei On All My Bug Bounty Programs
https://www.youtube.com/watch?v=pEtDrTF3PHk
Louis Vuitton sets trend with YesWeHack live hacking event
https://www.yeswehack.com/fr/news/louis-vuitton-live-hacking-event
Exploiting Insecure Output Handling in LLMs
https://www.youtube.com/watch?v=ZySEV5SwTTE
scanning every #bugbounty program with nuclei
https://www.youtube.com/watch?v=A61oH0je-_c
Building security into the redesigned Chrome downloads experience
http://security.googleblog.com/2024/07/building-security-into-redesigned.html
Sustaining Digital Certificate Security - Entrust Certificate Distrust
http://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
Definitely worth checking out this postMessage tracker!
https://www.youtube.com/watch?v=-FicRWxdFiE
Studying 0days: How we hacked Anki, the world's most popular flashcard app
https://skii.dev/anki-0day/
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions
How a Business Logic Vulnerability Led to Unlimited Discount Redemption
https://www.hackerone.com/vulnerability-management/stripe-business-logic-error-bug
🔐 Level Up Your SAP Security Skills!
RedRays presents an exclusive SAP Security Training:
✅ 2 or 3 days of intensive learning
✅ Hands-on exercises led by experts
✅ Real-world attack and defense scenarios
✅ Choose online or on-site training
Course highlights:
- SAP vulnerability detection
- Exploitation techniques and defenses
- SAP Cloud Connector security
- Analysis of critical SAP T-codes
Led by Vahagn Vardanyan, a recognized expert in enterprise application security.
Secure your SAP infrastructure! Enroll now 👇
https://redrays.io/sap-security-training/
LinkedIn Company: https://www.linkedin.com/company/redrays/
Unlock enhanced API scanning with Burp Suite
https://portswigger.net/blog/unlock-enhanced-api-scanning-with-burp-suite
The biggest #WordPress #BugBounty program by @patchstackapp has a special event - "Back to SQL".
We are one month away from September, so it's your chance to end the summer on a high note before going back to school or university!
https://discord.gg/rkE8yxtNmS
Never seen before: bounties of up to $14,400 per reported vulnerability are now available on the #WordPress #Zeroday #Bug #Bounty program by @Patchstack.
There's no better playground for security researchers and ethical hackers!
https://discord.gg/rkE8yxtNmS
The biggest #WordPress #BugBounty program by @patchstackapp got a significant upgrade!
Monthly competition bounties are now twice as big, and instead of the TOP 15 it's now the TOP 20, with a minimum guaranteed bounty pool of $8,800 per month and more upgrades!
https://patchstack.com/articles/biggest-wordpress-bug-bounty-program-upgrade-is-here/
AI Developers’ AMA: AI System Design and Development
https://www.hackerone.com/ai/developers-system-design-development
Information Disclosure that made me $2000 in under 5 minutes
https://medium.com/@sugamdangal52/information-disclosure-that-made-me-2000-in-under-5-minutes-63e1ce00ca07
Over 1 Million websites are at risk of sensitive information leakage
https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss
What You Need to Know About the EU’s Cyber Resilience Act
https://www.hackerone.com/public-policy/eu-cyber-resilience-act
SAML: How it Works, Vulnerabilities and Common Attacks
https://www.vaadata.com/blog/saml-how-it-works-vulnerabilities-and-common-attacks/
Security@: The Top 3 Bug Bounty Lessons From Security Leaders
https://www.hackerone.com/customer-stories/security-lessons
Anyone can Access Deleted and Private Repository Data on GitHub
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Live Recon: Hacking A Real Organization (Bug Bounty)
https://www.youtube.com/watch?v=VlWYb6rTa50
GitHub - mqst/gouge: Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite
https://github.com/mqst/gouge
CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation
https://blog.securelayer7.net/applied-endpointsecurity-framework-previlege-escalation/
This is The Fastest Hacking & Recon Tool
https://www.youtube.com/watch?v=7v6t6O0LMiY