Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open Source
https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems
http://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Exploiting Visual Studio via dump files - CVE-2024-30052
https://ynwarcs.github.io/exploiting-vs-dump-files
Evaluating Mitigations & Vulnerabilities in Chrome
http://security.googleblog.com/2024/10/evaluating-mitigations-vulnerabilities.html
Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges · Doyensec's Blog
https://blog.doyensec.com/2024/10/02/class-pollution-ruby.html
My theory on how the webp 0day was discovered (BLASTPASS)
https://www.youtube.com/watch?v=_ACCK0AUQ8Q
Streamline Report Management with Custom Inboxes: Reducing Delays and Security Risks
https://www.hackerone.com/vulnerability-management/custom-inbox-enhancements
Eliminating Memory Safety Vulnerabilities at the Source
http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
September 2024 Newsletter
https://blog.projectdiscovery.io/september-2024-newsletter/
Hacking Websites With A Zip File (Zip Slip)
https://www.youtube.com/watch?v=4sKlbMiGWAw
XSS + OAuth Misconfigs = Token Theft and ATO
https://medium.com/@7odamoo/xss-oauth-misconfigs-token-theft-and-ato-d0837c44cd31
Spot an exploit, stop the attacker, secure the assets. TL;DR: It works! - Bitfinding - Blockchain Offensive Security For The Good
https://bitfinding.com/blog/54k-rescue-on-arbitrum-network
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)
https://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass/
Hack My Career: Meet Naz Bozdemir
https://www.hackerone.com/culture-and-talent/hack-my-career-meet-naz-bozdemir
Reverse Engineering and Dismantling Kekz Headphones
https://nv1t.github.io/blog/kekz-headphones/
GitHub - RevoltSecurities/Subdominator: SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
https://github.com/RevoltSecurities/Subdominator
HTTP Parameter Pollution in 2024!
https://medium.com/@0xAwali/http-parameter-pollution-in-2024-32ec1b810f89
PentesterLab Blog: Hiring Your First AppSec Engineer: The Technical Interview
https://pentesterlab.com/blog/technical-interview-for-your-first-appsec-engineer
257 - Attack of the CUPS and Exploiting Web Views via HSTS
https://dayzerosec.com/podcast/257.html
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Announcing Pioneers, ProjectDiscovery's Ambassador Program
https://blog.projectdiscovery.io/announcing-pioneers-projectdiscoverys-ambassador-program/
GitHub - saw-your-packet/CloudShovel: A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where we scanned 20k+ public AMIs.
https://github.com/saw-your-packet/CloudShovel
Finding classes for exploiting Unsafe Reflection / Unchecked Class Instantiation vulnerabilities in Java with Joern
https://blog.convisoappsec.com/en/finding-classes-to-exploit-insecure-unchecked-vulnerabilities-in-java-with-joern/
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
How HackerOne Organizes a Remote Hack Week
https://www.hackerone.com/culture-and-talent/how-hackerone-organizes-remote-hack-week