Eliminating Memory Safety Vulnerabilities at the Source
http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
Bypassing Filters: SSRF Exploitation via DNS Rebinding with Just 1 in 30 Successful Requests
https://medium.com/@mokhansec/bypassing-filters-ssrf-exploitation-via-dns-rebinding-with-just-1-in-30-successful-requests-2fdc3a9cfd7d
Google & Arm - Raising The Bar on GPU Security
http://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html
Full Account Takeover via Facebook OAuth Misconfiguration
https://medium.com/@0x_xnum/full-account-takeover-via-facebook-oauth-misconfiguration-9e30fe1c1da1
Latest Nuclei Release v3.3.3!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.3
Hacking Kia: Remotely Controlling Cars With Just a License Plate
https://samcurry.net/hacking-kia
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive – Horizon3.ai
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
Feedback-Driven Interviewing at HackerOne
https://www.hackerone.com/culture-and-talent/feedback-driven-interviewing-hackerone
256 - Future of the Windows Kernel and Encryption Nonce Reuse
https://dayzerosec.com/podcast/256.html
Unauthenticated API Endpoint to Create Support Ticket Worth $500
https://vijetareigns.medium.com/unauthenticated-api-endpoint-to-create-support-ticket-worth-500-789e91ad9a00
Hacking and securing ElectronJS apps
https://pentesting.academy/p/hacking-and-securing-electronjs-apps
StarkeBlog - CVE Wednesday - CVE-2024-20439
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Using YouTube to steal your files
https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/
Modern iOS Pentesting: No Jailbreak Needed - My Framer Site
https://dvuln.com/blog/modern-ios-pentesting-no-jailbreak-needed
Latest Nuclei Release v3.3.4!
https://github.com/projectdiscovery/nuclei/releases/tag/v3.3.4
Plan Ristriction Bypass for Slack Integration: 500$ Improper Validation Check Bug
https://medium.com/@a13h1/plan-ristriction-bypass-for-slack-integration-500-improper-validation-check-bug-0c1acf6f01d3
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
10 Years of the GitHub Security Bug Bounty Program
https://www.hackerone.com/customer-stories/10-years-github-security-bug-bounty-program
Attacking UNIX Systems via CUPS, Part I
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
https://www.wiz.io/blog/wiz-research-critical-nvidia-ai-vulnerability
RedTeam Pentesting GmbH - WatchGuard SSO Protocol is Unencrypted and Unauthenticated
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
API Security: The 6 biggest challenges AppSec teams face, and how to solve them.
https://portswigger.net/blog/api-security-the-6-biggest-challenges-appsec-teams-face-and-how-to-solve-them
A step-by-step guide to writing an iOS kernel exploit
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
What HackerOne Customers Say About the Problems Hackers Solve
https://www.hackerone.com/customer-stories/hackers-solve-problems
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
Simplifying XSS Detection with Nuclei - A New Approach
https://blog.projectdiscovery.io/simplifying-xss-detection-with-nuclei/
Pentesting for Web Applications
https://www.hackerone.com/penetration-testing/web-applications