43247
Happy hunting! thebugbountyhunter.com hello@thebugbountyhunter.com
Finding Vulnerability Variants at Scale
https://blackwinghq.com/blog/posts/finding-vulnerability-variants-at-scale/
Safer with Google: Advancing Memory Safety
http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html
Google's Mobile VRP Behind the Scenes with Kristoffer Blasiak (Hextree Podcast Ep.1)
https://www.youtube.com/watch?v=SyTy1uZgx8E
Bringing new theft protection features to Android users around the world
http://security.googleblog.com/2024/10/android-theft-protection.html
Recognising Our Stars: Announcing the Nuclei Templates Community Leaderboard and Rewards!
https://blog.projectdiscovery.io/announcing-the-nuclei-templates-community-leaderboard-and-rewards/
Ferrero x YesWeHack: Italy's First-Ever Live Hacking Event at RomHack 2024
https://www.youtube.com/watch?v=UFQO7pNsMoU
Amazon Paid Hackers $2.1M+ in Bounties (h1-0131 vlog)
https://www.youtube.com/watch?v=SdDEgvPahUY
IDOR : Step by Step guide to Account Takeover of Any User
360Security/idor-step-by-step-guide-to-account-takeover-of-any-user-cb90bbcfd0fc" rel="nofollow">https://medium.com/@360Security/idor-step-by-step-guide-to-account-takeover-of-any-user-cb90bbcfd0fc
Using Chrome's accessibility APIs to find security bugs
http://security.googleblog.com/2024/10/using-chromes-accessibility-apis-to.html
GitHub - doyensec/CSPTPlayground: CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
https://github.com/doyensec/CSPTPlayground
My theory on how the webp 0day was discovered #short
https://www.youtube.com/watch?v=CS128zYJSmw
Introduction to the Exploitation of Xamarin Apps
justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf" rel="nofollow">https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf
258 - Summer Recap: Phrack, Off-by-One, and RCEs
https://dayzerosec.com/podcast/258.html
This Bug Got Me A $30,000 Bounty
https://www.youtube.com/watch?v=Mt32ZHP4790
HIPAA and Pentesting: What You Need to Know
https://www.hackerone.com/security-compliance/hipaa-pentesting
DEF CON 32 talk recordings
https://www.youtube.com/playlist?list=PL9fPq3eQfaaB2scbXRczwvjVH0ckX4bwt
Escaping the Chrome Sandbox Through DevTools
https://ading.dev/blog/posts/chrome_sandbox_escape.html
Introducing HackerOne Gateway Internal Network Testing: Superior Security for Internal Networks
https://www.hackerone.com/penetration-testing/gateway-internal-network-testing
Security Analysis of WeChat’s MMTLS Encryption Protocol
https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
CloudGoat: New Scenario and Walkthrough (sns_secrets) - Rhino Security Labs
https://rhinosecuritylabs.com/research/cloudgoat-sns_secrets/
Intigriti Live Stream
https://www.youtube.com/watch?v=h7f5JDOItTc
How a GraphQL Bug Resulted in Authentication Bypass
https://www.hackerone.com/vulnerability-management/graphql-authentication-bypass
Lessons from HackerOne’s First Recharge Week
https://www.hackerone.com/culture-and-talent/lessons-hackerones-first-recharge-week
How long does it take to find a bug in a new scope?
https://www.youtube.com/watch?v=vzaIJSqYYDM
Can You Get Root With Only a Cigarette Lighter? | Blog
https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html#can-you-get-root-with-only-a-cigarette-lighter
Are You Ready for the New NIST Control Around Public Disclosure Programs?
https://www.hackerone.com/security-compliance/nist-vdp-control
Export to GBounty is a Burp Suite extension that enables users to export selected HTTP requests from Burp Suite into a compressed ZIP file. The exported ZIP file can be utilized with the GBounty scanner.
https://github.com/BountySecurity/export-to-gbounty
Why Code Security Matters - Even in Hardened Environments
https://www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments/
GitHub - mbog14/CVE-2024-44193: Hacking Windows through iTunes - Local Privilege Escalation 0-day
https://github.com/mbog14/CVE-2024-44193
Exploiting trust: Weaponizing permissive CORS configurations
https://outpost24.com/blog/exploiting-permissive-cors-configurations/