Kali Linux 2024.3 Release (Multiple transitions) | Kali Linux Blog
https://www.kali.org/blog/kali-linux-2024-3-release/
Exploiting JavaScript Interface for Unauthorized Access in a Kucoin cryptocurrency exchange Android app
https://hulkvision.github.io/blog/javascript-interface/exploiting-javascript-interface/
Burp Suite Performance Improvements
https://portswigger.net/blog/burp-suite-performance-improvements
Hunting for Hidden API Endpoints Using Katana and Hakraler
https://anasbetis023.medium.com/hunting-for-hidden-api-endpoints-using-katana-and-hakraler-ba0bd6b9611f
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
[$12000] How I found 3 Critical 0-click TikTok Account Takeover Vulnerabilities, 2FA bypass & more security issues in TikTok’s system
https://vojtechcekal.medium.com/12000-3-critical-0-click-tiktok-account-takeover-vulnerabilities-2fa-bypass-more-security-78554827cfc3
My recon methodology for hunting CVE-2021–42063 led to discovering an RXSS vulnerability in the Tata Play program Part -2 .
https://medium.com/@karthithehacker/my-recon-methodology-for-hunting-cve-2021-42063-led-to-discovering-an-rxss-vulnerability-in-the-27a7aa435fd3
Pride Month: Stories from Our LGBTQ+ Employees
https://www.hackerone.com/culture-and-talent/pride-month-stories-our-lgbtq-employees
Muscle up your bug bounty game (literally)!
https://www.youtube.com/watch?v=tCJTvII-9CI
YesWeHack Hunter Interviews – #9 Nagli: “When you’re a hacker you have some superpowers”
https://www.youtube.com/watch?v=dE4jRiXJh5w
Deploying Rust in Existing Firmware Codebases
http://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html
Learn Android Hacking! - University Nevada, Las Vegas (2024)
https://www.youtube.com/watch?v=fPt6fJDjKKM
Introducing the URL validation bypass cheat sheet
https://portswigger.net/research/introducing-the-url-validation-bypass-cheat-sheet
CVE-2024-37084: Spring Cloud Remote Code Execution
https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/
I Became HackerOne's Latest Most Valuable Hacker (h1-702 vlog)
https://www.youtube.com/watch?v=gPzDJ9BXvgc
Why Django’s [DEBUG=True] is a Goldmine for Hackers
https://medium.com/@verylazytech/why-djangos-debug-true-is-a-goldmine-for-hackers-01486289607d
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Common Ecommerce Vulnerabilities: Reflected XSS
https://www.hackerone.com/vulnerability-management/reflected-xss-ecommerce
Scanning All Vulnerability Disclosure Programs For Automated API Hacking
https://www.youtube.com/watch?v=1-bpQrWcZEA
Pentesting for NIST 800-53, FISMA, and FedRAMP
https://www.hackerone.com/security-compliance/nist-800-53-fisma-fedramp
Exploiting CI / CD Pipelines for fun and profit – Razz Security Blog
https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/
Windows Wi-Fi Driver RCE Vulnerability - CVE-2024-30078 - Crowdfense
https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/
Dependency Confusion: A Namespace Takeover Story
https://medium.com/@sakshirathore3478/dependency-confusion-a-namespace-takeover-story-fa334533bd50
How I Discovered an HTTP Request Smuggling Vulnerability in a Major Web Console
https://cyberw1ng.medium.com/how-i-discovered-an-http-request-smuggling-vulnerability-in-a-major-web-console-5188b2b4c539
Latest Nuclei Release v3.3.2!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.2
Revival Hijack - PyPI hijack technique exploited in the wild, puts 22K packages at risk
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
[IDOR] Update another user’s profile
https://rhidayah.medium.com/idor-update-another-users-profile-79d0158ae60c
Celebrating International Women in Engineering Day
https://www.hackerone.com/culture-and-talent/celebrating-international-women-engineering-day