43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
https://blog.redteam-pentesting.de/2024/moodle-rce/
Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]
https://www.youtube.com/watch?v=RpXbtmUGyXs
Sales Development Representatives Win as a Team
https://www.hackerone.com/culture-and-talent/sdr-win-team
Share the details sei protocol vulnerability worth $75k
https://exvul.com/share-the-details-sei-protocol-vulnerability-worth-75k/
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6 – MalwareTech
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Shielder - Vtiger CRM (<= 8.1.0) Broken Access Control in Migration module
https://www.shielder.com/advisories/vtiger-migration-bac/
Community-driven PTaaS vs. Traditional Pentesting
https://www.hackerone.com/penetration-testing/ptaas-vs-traditional-pentest
SQL Injection Explained With @BuildHackSecure + FREE LABS!
https://www.youtube.com/watch?v=EZXvxpbFqvg
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
https://blog.redteam-pentesting.de/2024/moodle-rce/
What HackerOne Customers Can Tell You About Securing Organizational Buy-In for Ethical Hackers
https://www.hackerone.com/customer-stories/securing-organizational-buy-in
Private AI For All: Our End-To-End Approach to AI Privacy on Android
http://security.googleblog.com/2024/08/android-private-ai-approach.html
Post-Quantum Cryptography: Standards and Progress
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html
How to root an Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
From Zero to Hero: Your Guide to Building a Bug Bounty Program With HackerOne
https://www.hackerone.com/vulnerability-management/bug-bounty-program-guide
CVE-2024-22263: Spring Cloud Dataflow Arbitrary File Writing
https://blog.securelayer7.net/spring-cloud-data-flow-exploit/
karthithehacker/the-discovery-of-cve-2024-5947-authentication-bypass-in-deep-sea-electronics-dse855-5fa2e89cbdfb?source=rss------bug_bounty-5">The Discovery of CVE-2024–5947: Authentication Bypass in Deep Sea Electronics DSE855
karthithehacker/the-discovery-of-cve-2024-5947-authentication-bypass-in-deep-sea-electronics-dse855-5fa2e89cbdfb" rel="nofollow">https://medium.com/@karthithehacker/the-discovery-of-cve-2024-5947-authentication-bypass-in-deep-sea-electronics-dse855-5fa2e89cbdfb
Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
Crazy chaining technique for RCE through browser extensions!
https://www.youtube.com/watch?v=iTKXDTTm17s
Bypassing airport security via SQL injection
https://ian.sh/tsa
$15k RCE Through Monitoring Debug Mode
0xold/15k-rce-through-monitoring-debug-mode-4f474d8549d5" rel="nofollow">https://medium.com/@0xold/15k-rce-through-monitoring-debug-mode-4f474d8549d5
Just launched a brand new free module on SQL Injection. #bugbounty #hacking
https://www.youtube.com/watch?v=Y9N3xKEAahM
CVE Hunting Made Easy
https://projectblack.io/blog/cve-hunting-at-scale/
WebSec — CSRF/XSRF (Cross-Site Request Forgery)
meryemddalgali/websec-csrf-xsrf-cross-site-request-forgery-6c048c6323d1" rel="nofollow">https://medium.com/@meryemddalgali/websec-csrf-xsrf-cross-site-request-forgery-6c048c6323d1
Automated Bug Hunting With Semgrep — Somerset Recon
https://www.somersetrecon.com/blog/2024/automated-bug-hunting-with-semgrep
The Patchstack Zeroday Bug Bounty program will pay out the biggest ever public #bounty of $14.400 for a single #vulnerability report related to a free WordPress plugin. A critical vulnerability in the LiteSpeed Cache #plugin with 5+ million active installs that could have a catastrophic impact on the #WordPress ecosystem was eliminated
https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites/
Hacking and securing ElectronJS apps
https://pentesting.academy/p/hacking-and-securing-electronjs-apps
Intercepting Mobile Application Traffic with Caido and Frida
https://brownfinesecurity.com/blog/intercepting-mobile-traffic-with-caido-and-frida/
Try it for yourself: the latest PortSwigger Research from Black Hat USA
https://portswigger.net/blog/try-it-for-yourself-the-latest-portswigger-research-from-black-hat-usa
This technique halves the time to leak tokens!
https://www.youtube.com/watch?v=mRi4gba0Ung
WebSec — SSTI (Server Site Template Injection)
meryemddalgali/websec-ssti-server-site-template-injection-1a9603caa51e" rel="nofollow">https://medium.com/@meryemddalgali/websec-ssti-server-site-template-injection-1a9603caa51e