Exploiting Android Client WebViews with Help from HSTS
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
Hacking GitLab Instances For A $5,000 Bounty (2 Examples)
https://www.youtube.com/watch?v=KfoOl8RhlhQ
Advanced Frida Usage Part 10 – Instruction Tracing using Frida Stalker
https://8ksec.io/advanced-frida-usage-part-10-instruction-tracing-using-frida-stalker/
255 - Iterating Exploits & Extracting SGX Keys
https://dayzerosec.com/podcast/255.html
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
https://medium.com/@p0lyxena/2-500-bug-bounty-write-up-remote-code-execution-rce-via-unclaimed-node-package-6b9108d10643
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability – Horizon3.ai
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/
What HackerOne Customers Say About Remediating Vulnerabilities and Getting the Best Results From Hackers
https://www.hackerone.com/customer-stories/get-the-most-from-hackers
Attacking PowerShell CLIXML Deserialization
https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization
Introducing Burp Suite’s game-changing performance update ⚡🏎️
https://portswigger.net/blog/introducing-burp-suites-game-changing-performance-update
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
Performance Improvements to table sorting and Repeater
https://portswigger.net/blog/performance-improvements-to-table-sorting-and-repeater
YesWeHack Customer Story: ATG, Swedish betting and horseracing company
https://www.youtube.com/watch?v=2BiMOkU5FMY
Hidden Among the Clouds: A Look at Undocumented AWS APIs
https://fwdcloudsec.org/assets/presentations/2024/europe/nick-frichette-hidden-among-the-cloud-a-look-at-undocumented-aws-apis.pdf
L’Oréal x YesWeHack: Why the cosmetics giant held a Live Bug Bounty
https://www.youtube.com/watch?v=zTsXIzorAxs
Vulnerabilities in Open Source C2 Frameworks - Include Security Research Blog
https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/amp/
A bypass on GitLab’s Login Email Verification via OAuth ROPC flow.
https://medium.com/@cybxis/a-bypass-on-gitlabs-login-email-verification-via-oauth-ropc-flow-e194242cad96
SSD Advisory – LANCOM LCOS Heap Overflow
https://ssd-disclosure.com/ssd-advisory-lancom-lcos-heap-overflow/
GitHub - RootUp/SmuggleSheild: Basic protection against HTML smuggling attempts.
https://github.com/RootUp/SmuggleSheild
Jailbreak your Enemies with a Link: Remote Execution on iOS
The Trident Exploit Chain deep-dive (Part I)
https://jacobbartlett.substack.com/p/jailbreak-enemies-with-a-link-remote-execution
Escalating from Reader to Contributor in Azure API Management
https://binarysecurity.no/posts/2024/09/apim-privilege-escalation
A new path for Kyber on the web
http://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
Exploring Deserialization Attacks and Their Effects
https://haymiz.dev/security/2024/09/07/deserialization-attacks/
Introduction to Android Bytecode Exploitation (Part 1)
https://lolcads.github.io/posts/2024/09/bytecode_exploitation_0/
Introducing HackerOne's Hai API: Revolutionize Your Workflow Automation with AI
https://www.hackerone.com/ai/hai-api
Diving into ADB protocol internals (1/2)
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12
Azure Config Review - Nuclei Templates v10.0.0 🎉
https://blog.projectdiscovery.io/azure-config-review-with-nuclei/