43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Splitting the email atom: exploiting parsers to bypass access controls
https://portswigger.net/research/splitting-the-email-atom
[EN] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
https://blog.orange.tw/2024/08/confusion-attacks-en.html?m=1
GitHub - securelayer7/CVE-2024-38856_Scanner: Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)
https://github.com/securelayer7/CVE-2024-38856_Scanner
GDPR and Pentesting: What You Need to Know
https://www.hackerone.com/security-compliance/gdpr-pentesting
Pwn2Own VS H1 Live Hacking Event (feat SinSinology) (Ep. 80)
https://www.youtube.com/watch?v=S78r0Pc5ph4
Persistent XSS Vulnerability on Microsoft Bing’s Video Indexing System
https://m3ez.medium.com/persistent-xss-vulnerability-on-microsoft-bings-video-indexing-system-a46db992ac7b
Intigriti Kick off 2024
https://www.youtube.com/watch?v=bFxMhr9Do98
Exploiting authorization by nonce in WordPress plugins
https://nowotarski.info/wordpress-nonce-authorization/
Embracing Resilience: HackerOne's Approach to Disaster Recovery
https://www.hackerone.com/engineering/disaster-recovery
SSRF to Server Takeover PoC (Bug Bounty Writeup)
malvinval/ssrf-to-server-takeover-poc-bug-bounty-writeup-82d6715e333d" rel="nofollow">https://medium.com/@malvinval/ssrf-to-server-takeover-poc-bug-bounty-writeup-82d6715e333d
PentesterLab Blog: Good Enough - A look at Golang http.ServeFile
https://pentesterlab.com/blog/good-enough-golang-http-ServeFile
Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit
https://flatt.tech/research/posts/beyond-the-limit-expanding-single-packet-race-condition-with-first-sequence-sync/
how I found a critical bug using response manipulation
matrixm0x1/how-i-found-a-critical-bug-using-response-manipulation-4403a562db12" rel="nofollow">https://medium.com/@matrixm0x1/how-i-found-a-critical-bug-using-response-manipulation-4403a562db12
Auditing Atlassian Plugins, 53 0-Days Later
https://cyllective.com/blog/posts/atlassian-audit-plugins
One-click account takeover. Victim clicks link, attacker gets auth token.
https://www.youtube.com/watch?v=QiE_F5dsFH0
Improving the security of Chrome cookies on Windows
http://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
Listen to the whispers: web timing attacks that actually work
https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work
Introducing the httpx dashboard
https://blog.projectdiscovery.io/introducing-httpx-dashboard-2/
Exploiting pfsense Remote Code Execution – CVE-2022-31814 - Laburity
https://laburity.com/exploiting-pfsense-remote-code-execution-cve-2022-31814/
Blog: A deep dive into CVE-2023-2163: How we found and fixed an eBPF Linux Kernel Vulnerability
https://bughunters.google.com/blog/6303226026131456/a-deep-dive-into-cve-2023-2163-how-we-found-and-fixed-an-ebpf-linux-kernel-vulnerability
Splitting the email atom: exploiting parsers to bypass access controls
https://portswigger.net/research/splitting-the-email-atom
0.0.0.0 Day: Exploiting Localhost APIs From the Browser | Oligo Security
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
Advancing Asset Management - PDCP v0.8.9
https://blog.projectdiscovery.io/advancing-asset-management-pdcp-v0-8-9-2/
Vestaboard: Exploring Broken Access Controls and Privilege Escalation - Rhino Security Labs
https://rhinosecuritylabs.com/research/vestaboard-vulnerabilities/
CVE-2024-39877: Apache Airflow Arbitrary Code Execution
https://blog.securelayer7.net/arbitrary-code-execution-in-apache-airflow/
HackerOne Spot Checks for On-Demand, Targeted Security Testing
https://www.hackerone.com/vulnerability-management/spot-checks
Polyfill Supply Chain Attack
https://blog.securelayer7.net/polyfill-supply-chain-attack/
HackerOne's Cloud Security Capabilities for AWS Customers
https://www.hackerone.com/penetration-testing/hackerones-cloud-security-capabilities-aws-customers
GitHub - two06/CerealKiller: .NET deserialization hunter
https://github.com/two06/CerealKiller